nginx.conf has a misconfiguration that is exploitable. A location block with no trailing slash and an alias with a slash allows traversal back one level potentially exposing sensitive information.
location /static {
alias /usr/src/app/memberportal/membermatters/static/;
...
nginx.conf
has a misconfiguration that is exploitable. A location block with no trailing slash and an alias with a slash allows traversal back one level potentially exposing sensitive information.For more information: Path traversal via misconfigured alias.