connect-parse-php is a php parsing middleware for grunt-contrib-connect.
Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following url
/..%2f..%2fetc/passwd would result in
Thanks to Liang Gong for disclosing this vulnerability!
There is no fix version for
- Liang Gong
- Snyk ID
- 11 May, 2017
- 07 Jun, 2017