Versions of stattic before 0.3.0 are vulnerable to path traversal allowing a remote attacker to read arbitrary files with any extension from the server that users stattic.
Update to version 0.3.0 or later.
{
"cwe_ids": [
"CWE-22"
],
"severity": "HIGH",
"github_reviewed_at": "2020-06-16T21:59:29Z",
"github_reviewed": true,
"nvd_published_at": "2018-05-29T20:29:00Z"
}