GHSA-g7r4-m6w7-qqqr
LowSummary
The development server contains a path traversal vulnerability on Windows when serving files from `servedir`. Due to the use of `path.Clean()` (which only normalizes forward-slash `/` separators) instead of a Windows-aware path normalization function, it is possible to craft malicious requests.
Risk Assessment
This vulnerability could lead to unauthorized access to system files, posing a serious threat to the organization's data security.
Recommendation
It is recommended to update the development server to use a Windows-aware path normalization function to mitigate the path traversal risk.
Original NVD description (English source)
### Summary The development server contains a path traversal vulnerability on Windows when serving files from `servedir`. Due to the use of `path.Clean()` (which only normalizes forward-slash `/` separators) instead of a Windows-aware path normalization function, it is possible to craft requests u

