GHSA-8v2v-wjwg-vx6r: actix-files has a possible exposure of information vulnerability
Passing a non-existent folder to the actix_files::Files::new() method causes the actix server to expose unexpected files.
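A startup guard for the condition described above, as an added example that is not part of the advisory or of the actix-files code: the hypothetical helper `checked_static_root` resolves the directory and fails closed if it is missing or not a directory, so only a verified path is handed to `Files::new()`. The helper name and the sample paths are assumptions.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Hypothetical helper (not part of actix-files): resolve the directory that
/// is about to be served and return an error instead of a usable path when
/// it does not exist or is not a directory.
pub fn checked_static_root<P: AsRef<Path>>(dir: P) -> io::Result<PathBuf> {
    let dir = dir.as_ref();
    // canonicalize() fails for a path that does not exist and resolves
    // symlinks, so the caller sees the real location that will be served.
    let canon = fs::canonicalize(dir).map_err(|e| {
        io::Error::new(e.kind(), format!("static root {:?} is not usable: {}", dir, e))
    })?;
    if !fs::metadata(&canon)?.is_dir() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidInput,
            format!("static root {:?} is not a directory", canon),
        ));
    }
    Ok(canon)
}

fn main() {
    // Constructed sample layout in the temp directory (not from the advisory).
    let base = std::env::temp_dir().join(format!("static-root-demo-{}", std::process::id()));
    fs::create_dir_all(base.join("public")).expect("create sample directory");
    fs::write(base.join("notes.txt"), b"sample").expect("create sample file");

    for name in ["public", "missing", "notes.txt"] {
        match checked_static_root(base.join(name)) {
            // In an actix-web app the verified path is what gets mounted:
            //   App::new().service(actix_files::Files::new("/static", root))
            Ok(root) => println!("serve from {}", root.display()),
            // Any error here should abort startup rather than be logged and ignored.
            Err(e) => println!("refusing to start: {}", e),
        }
    }
    let _ = fs::remove_dir_all(&base);
}
```

Propagating the error from `main` (for example with `?`) turns a mistyped or undeployed static directory into a failed start instead of a running server with an unintended file root.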
References
- github.com/actix/actix-web
- github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/files.rs
- github.com/actix/actix-web/blob/fba766b4beb92278665d58815c94d336015225c5/actix-files/src/service.rs
- github.com/actix/actix-web/security/advisories/GHSA-8v2v-wjwg-vx6r
- github.com/advisories/GHSA-8v2v-wjwg-vx6r