Site icon API Security Blog

File Access Bypass

graphql-mesh/cli and graphql-mesh/http are vulnerable to File Access Bypass. The vulnerability is due to the `staticFiles` parameter in the configuration file being set to `serve`, which allows an attacker to access files in the server’s file system by relative paths.Read More

Exit mobile version