Rstudio Shiny Server Directory Traversal

Published on
10 Jan 2022


Rstudio Shiny-Server prior to 1.5.16 is vulnerable to directory traversal and source code leakage. This can be exploited by appending an encoded slash to the URL.

Directory traversal attack is also known as path traversal attack. This vulnerability allows attackers to read random files that are stored outside the web root directory. These files may include the source code or data for backend systems. An attacker could be able to write to arbitrary files on the server, allowing them to manipulate the application’s data or behaviour of the Application, or to even takeover of the server by manipulating variables with ../ sequences and it’s variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system.


  • Update Rstudio Shiny Server to the latest version
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment