CVE-2022-38794 Information

Description

Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

Reference

https://github.com/zyearn/zaver/issues/22