A vulnerability has been reported in Embedthis GoAhead, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
The vulnerability is caused due to an error in the "websNormalizeUriPath()" function (src/http.c), which can be exploited to disclose contents of arbitrary local files via directory traversal sequences or cause a heap-based buffer overflow.
The vulnerability is reported in versions prior to 3.4.2.
