Description
Rstudio Shiny-Server prior to 1.5.16 is vulnerable to directory traversal and source code leakage. This can be exploited by appending an encoded slash to the URL.
Directory traversal attack is also known as path traversal attack. This vulnerability allows attackers to read random files that are stored outside the web root directory. These files may include the source code or data for backend systems. An attacker could be able to write to arbitrary files on the server, allowing them to manipulate the application’s data or behaviour of the Application, or to even takeover of the server by manipulating variables with ../ sequences and it’s variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system.
Recommendations
- Update Rstudio Shiny Server to the latest version
