Nginx misconfigurations that leave web server open to attack

Thursday, February 25, 2021

At Detectify, we scan for misconfigurations and security vulnerabilities in Nginx for thousands of customers. We analyzed almost 50,000 unique Nginx configuration files downloaded from GitHub with Google BigQuery. The most common root paths were the following:

Off-by-slash misconfiguration: it is possible to traverse one step up the path due to a missing slash.

Some frameworks, scripts and Nginx configurations unsafely use the variables stored by Nginx. This can lead to issues such as XSS, bypassing HttpOnly protection, information disclosure and in some cases even RCE.
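As an added example (not code from the Detectify post), a small Python check for the off-by-slash pattern described above: find_off_by_slash flags prefix locations that lack a trailing slash while their alias directory has one, and resolve_alias approximates nginx's documented alias substitution to show why that combination maps to a path one directory above the alias. The sample config, paths and regexes are constructed for this example.

```python
import posixpath
import re

# Constructed sample nginx config: the first location is the off-by-slash
# pattern, the second is the corrected form (slash on both sides).
SAMPLE_CONF = """
server {
    listen 80;
    location /static {
        alias /var/www/app/static/;
    }
    location /assets/ {
        alias /var/www/app/assets/;
    }
}
"""

# Simplified parsers: enough for flat location blocks, not a full nginx grammar.
LOCATION_RE = re.compile(r'location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^}]*)\}', re.S)
ALIAS_RE = re.compile(r'\balias\s+(\S+?)\s*;')


def resolve_alias(location, alias, uri):
    """Approximate nginx behaviour: the request URI is normalised first, then
    the part matching the location prefix is replaced by the alias path."""
    uri = posixpath.normpath(uri)
    if not uri.startswith(location):
        return None  # location would not match this request
    return posixpath.normpath(alias + uri[len(location):])


def find_off_by_slash(conf):
    """Return (prefix, alias) pairs where a prefix location has no trailing
    slash but its alias does, so '<prefix>../' resolves one directory up."""
    findings = []
    for modifier, prefix, body in LOCATION_RE.findall(conf):
        if modifier:  # exact (=) and regex (~) locations are a different case
            continue
        m = ALIAS_RE.search(body)
        if m and not prefix.endswith('/') and m.group(1).endswith('/'):
            findings.append((prefix, m.group(1)))
    return findings


if __name__ == "__main__":
    for prefix, alias in find_off_by_slash(SAMPLE_CONF):
        print(f"off-by-slash: location {prefix} with alias {alias}")
        print("  example mapping:", resolve_alias(prefix, alias, prefix + "../app.conf"))
```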