CVE-2021-3374
MEDIUM NUCLEIRStudio Shiny Server < 1.5.16 - Path Traversal via Encoded Slash
Title source: llmExploitation Summary
CVE-2021-3374 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.
Nuclei Templates (1)
Rstudio Shiny Server <1.5.16 - Local File Inclusion
MEDIUMby geeknik
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/colemanjp/shinyserver-directory-traversal-source-code-leak
Vendor Advisory x_refsource_misc
https://blog.rstudio.com/2021/01/13/shiny-server-1-5-16-update/
Scores
CVSS v3
5.3
EPSS
0.1425
EPSS Percentile
96.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
rstudio/shiny_server
< 1.5.16
Published
Apr 02, 2021
Tracked Since
Feb 18, 2026