Impact
Users who run PokeAPI on the public Internet might suffer from a Path Traversal vulnerability on the Nginx container that proxies PokeAPI. The only data that an attacker might see is the filesystem of the container itself. The only sensitive information an attacker could see is thus the SSL certificate and its key that Nginx is currently exposing.
Patches
2.3.0
Workarounds
Manually patch the Nginx conf
References
#665
rep00c Analyst
Impact
Users who run PokeAPI on the public Internet might suffer from a Path Traversal vulnerability on the Nginx container that proxies PokeAPI. The only data that an attacker might see is the filesystem of the container itself. The only sensitive information an attacker could see is thus the SSL certificate and its key that Nginx is currently exposing.
Patches
2.3.0
Workarounds
Manually patch the Nginx conf
References
#665