name:W&B Weave Server - Remote Arbitrary File Leak
author:iamnoooob,rootxharsh,pdresearch
severity:high
description:|
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.