In versions of MkDocs prior to 1.2.3, the built-in development server (which often identifies as WSGIServer/0.2 CPython/3.x.x ) is vulnerable to directory traversal
If an upgrade is not feasible, consider switching to a different WSGI server implementation that is not vulnerable. There are several robust WSGI servers available, such as Gunicorn or uWSGI, which might offer better security features and support. wsgiserver 0.2 cpython 3.10.4 exploit
: curl http:// :8000/%2e%2e/%2e%2e/%2e%2e/etc/passwd . 2. Command Injection In versions of MkDocs prior to 1