VYPR
High severity7.5NVD Advisory· Published Feb 13, 2020· Updated Jun 17, 2026

CVE-2015-3309

CVE-2015-3309

Description

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Etherpad/Etherpaddescription
  • Range: 1.1.2 through 1.5.4

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.