The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. References: https://github.com/nisdn/CVE-2021-40978 https://github.com/mkdocs/mkdocs
Created mkdocs tracking bugs for this issue: Affects: epel-7 [bug 2011941] Affects: fedora-all [bug 2011940]
Upstream issue: https://github.com/mkdocs/mkdocs/issues/2601
seems that the service is using not affected version mkdocs-0.17.5 but still filing a tracker