Closed JanKoppe closed 7 years ago
Why must something be mitigated? Please clarify.
A quick test with localhost/api/v1/compendium/821zh/data/../../../../ resulted in a redirect to http://localhost/api/ ..., also if using %2e%2e%2f or %2e%2e/. Requests don't even make it into the microservice.
Mitigations for directory traversal are missing.
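The test quoted above shows the traversal variants being normalised before they reach the microservice; as defence in depth, the service can still refuse any data path that climbs out of a compendium's directory. The following is an added example, not code from the project: `BASE_DIR`, `resolveDataPath` and the alphanumeric id format are assumptions.

```javascript
// Hypothetical storage root; the service's real layout is not shown in the issue.
const BASE_DIR = '/var/compendium';

// Returns the absolute file path for a data request, or null if the request
// would leave <BASE_DIR>/<id>/data.
function resolveDataPath(id, rawPath) {
  if (!/^[A-Za-z0-9]+$/.test(id)) return null; // assumed id format

  let decoded;
  try {
    decoded = decodeURIComponent(rawPath); // decode exactly once: %2e%2e%2f -> ../
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0') || decoded.includes('\\')) return null;

  const segments = [];
  for (const part of decoded.split('/')) {
    if (part === '' || part === '.') continue;
    if (part === '..') {
      // Climbing above the data directory is rejected, not silently clamped.
      if (segments.length === 0) return null;
      segments.pop();
    } else {
      segments.push(part);
    }
  }
  return [BASE_DIR, id, 'data', ...segments].join('/');
}

// Constructed inputs: the variants from the test above plus two benign paths.
const samples = ['../../../../', '%2e%2e%2f%2e%2e%2f', '%2e%2e/%2e%2e/',
                 'figures/plot.png', 'a/../b.txt'];
for (const s of samples) {
  console.log(s, '->', resolveDataPath('821zh', s));
}
```

This check is purely lexical; a service that allows symlinks inside the data directory would also need to compare the resolved real path against the root before opening the file.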