CVE-2021-3374
Published 2021-04-02

CVE-2021-3374: Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
Priority: P3 · 46 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 14.25% (96.1th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rstudio | shiny_server | < 1.5.16 | 1.5.16 |
Detection & IOCs (extracted from sources)
- HTTP GET request with an encoded slash (%2f) appended to the URL path triggers directory listing; look for 'Index of /' in the response body with HTTP 200 status.
- Response body contains 'Index of /' string indicating directory traversal success.
- Response body contains filenames matching the regex [A-Za-z].*\.R, indicating R source code file leakage.
- Vulnerable endpoint path /sample-apps/hello/ is a known default Shiny Server application path; probe with %2f suffix to confirm exposure.
- Vulnerability only affects RStudio Shiny Server versions prior to 1.5.16; patched versions are not exploitable via this technique.
- The CPE scope covers the 'pro' edition specifically; verify whether open-source edition is equally affected before applying detections broadly.
CVSS provenance
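| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |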
No detection rules found.
Nuclei
Rstudio Shiny Server <1.5.16 - Local File Inclusion
nuclei · CVSS 5.3
CVE-2021-3374 [MEDIUM] Rstudio Shiny Server <1.5.16 - Local File Inclusion
Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.
Template:
```yaml
id: CVE-2021-3374
info:
  name: Rstudio Shiny Server <1.5.16 - Local File Inclusion
  author: geeknik
  severity: medium
  description: Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code leakage. This can be exploited by appending an encoded slash to the URL.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Upgrade Rstudio Shiny Server to version 1.5.16 or later to mitigate the vulnerability.
  reference:
    -
```
No writeups or analysis indexed.