Security Advisory
CVE-2015-0933
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a include command.