Описание
Phoenix-ws source code and data in extensions folder is publicly available
Impact
All of the source code, files, and folders in phoenix_files/extensions/ are available to end users through a simple HTTP GET request.
Patches
The issue has been patched. The users of version 1.0.6 and above are not effected.
Пакеты
Наименование
phoenix-ws
pip
Затронутые версииВерсия исправления
< 1.0.6
1.0.6
7.5 High
CVSS3
Дефекты
CWE-200
7.5 High
CVSS3
Дефекты
CWE-200