cve/2021/CVE-2021-3374.md

CVE-2021-3374

Description

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.

POC

Reference

No PoCs from references.

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates
• https://github.com/Elsfa7-110/kenzer-templates
• https://github.com/colemanjp/rstudio-shiny-server-directory-traversal-source-code-leak
• https://github.com/d4n-sec/d4n-sec.github.io