Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences.