Product
goshs SimpleHTTPServer prior to version 2.0.0-beta.6 contains an SFTP authentication bypass vulnerability that allows unauthenticated network attackers to access files when the server is started with specific configuration parameters.