Описание
Listing of upload directory contents possible
There's an security issue in prosody-filer versions < 1.0.1 which leads to unwanted directory listings of download directories.
An attacker is able to list previous uploads of a certain user by shortening the URL and accessing a URL subdirectors other than /upload/ (or the corresponding user defined root dir)
Version 1.0.1 and later fix this problem and allow only direct file access if the full path is known. Directory listings are blocked entirely.
Пакеты
Наименование
github.com/ThomasLeister/prosody-filer
go
Затронутые версииВерсия исправления
< 1.0.1
1.0.1