By default, running the vulnerable file opens a port in the network scope. Thus the Attack Vector (AV) of CVSS is: (N)etwork Impact: We've calculated the base score of the vulnerability (as proposal) as 9.1, with a severity of "Critical" using following the following vector_string: CV...
Denial of service vulnerability: We also verified that this vulnerability can also lead to a Denial of Service attack, as it first loads the whole file content into memory, then tries to send the response. Loading a large file (for example reading /dev/urandom/) can use all the memory wit...