Patched gem version: v2.5.2
PR with patch: #158
Affected versions: v2.5.1 and below
Use cases affected:
Basically, anyone who can connect to the port can read files available to the user running the livereload server.
Stuff left to do:
Update gem version in readme to reflect #159
A CVE was assigned for this issue: CVE-2016-1000305