Hi Magento team,
When we use an automated security scanning tool to scan the website,
the following URLs generated by the tool have the "Path Disclosure" Vulnerability.
The scanning tool provided the following information regarding the "Path Disclosure" Vulnerability.
A potentially sensitive file, directory, or directory listing was discovered on the Web server.
The contents of this file or directory may disclose sensitive information.
Verify that access to this file or directory is permitted. If necessary, remove it or apply access controls to it.
Magento returned "HTTP/1.1 200 OK" to the above URLs, which is an issue.
Please advise how to fix this, thank you.
These URLs don't appear to be files on the server so I think this is a false positive.
If you do find a security flaw, I recommend that you post to firstname.lastname@example.org rather than on a public forum. Many thanks.