Takes: >> Tkfiles Security Vulnerabilities
The Takes web framework's TkFiles take thru 2.0-SNAPSHOT fails to canonicalize HTTP request paths before resolving them against the filesystem. A remote attacker can include ../ sequences in the request path to escape the configured base directory and read arbitrary files from the host system.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-12-19