CVE-2024-7340

Name of the Vulnerable Software and Affected Versions Weave server (affected versions not specified)

Description The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. The issue is being actively exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.