Fonoster Inc

1 exploit Active since Mar 2026
CVE-2024-43035 WRITEUP MEDIUM WRITEUP
Fonoster 0.5.5-0.6.1 - Path Traversal via VoiceServer Endpoint
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1.
CVSS 5.8