CVE-2023-25341

Name of the Vulnerable Software and Affected Versions Ladle Dev Server versions 2.5.1 and earlier

Description A Directory Traversal issue allows an attacker on the same network to read files accessible to the user via GET requests. This can be exploited by sending requests to specific API endpoints, although the exact endpoints are not specified. The issue affects users on the local network, potentially allowing access to sensitive files.

Recommendations For Ladle Dev Server versions 2.5.1 and earlier, restrict access to trusted users or apply a patch as soon as possible to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to sensitive files and directories until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.