Spiffy is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
Versions prior to Spiffy 5.4 are vulnerable.
An attacker can use readily available commands and tools to exploit this issue.
Updates are available. Please see the references or vendor advisory for more information.