Description
Directory Traversal in list-n-stream
Affected versions of list-n-stream resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
Example request:
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo
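The request above, traced through a naive path join and through a containment check. This is an added example, not code from list-n-stream; the root directory `/srv/videos` and both function names are assumptions made for illustration.

```javascript
// Added illustration; not taken from list-n-stream. ROOT and both function
// names are assumptions made for this example.
const path = require('node:path');

const ROOT = '/srv/videos'; // assumed directory the server is meant to expose

// Pattern the advisory describes: the request path is joined onto the root
// and ".." segments are resolved with no containment check afterwards.
function naiveResolve(requestPath) {
  return path.posix.join(ROOT, decodeURIComponent(requestPath));
}

// Hardened form: decode once, resolve, then require the result to stay in ROOT.
// Returns the absolute path to serve, or null when the request must be rejected.
function safeResolve(requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path
  // The leading "./" keeps the request path relative, so resolve() cannot
  // treat it as an absolute path that replaces ROOT.
  const resolved = path.posix.resolve(ROOT, './' + decoded);
  const rel = path.posix.relative(ROOT, resolved);
  if (rel === '..' || rel.startsWith('../') || path.posix.isAbsolute(rel)) {
    return null; // resolved path is outside ROOT
  }
  return resolved;
}

// Constructed sample request paths: the advisory's example, a percent-encoded
// variant, and an ordinary file request.
const samples = [
  '/../../../../../../../../../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/movies/a.mp4',
];
for (const p of samples) {
  console.log(p, '| naive:', naiveResolve(p), '| safe:', safeResolve(p));
}
```

The check runs on the decoded, resolved path, so encoded `..` segments are caught by the same comparison as literal ones.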
Recommendation
Update to version 0.0.11 or later.
Packages
Name: list-n-stream (npm)
Affected versions: <= 0.0.10
Fixed version: 0.0.11
Related vulnerabilities
CVSS3: 7.5
nvd
about 7 years ago
list-n-stream is a server for static files to list and stream local videos. list-n-stream v0.0.10 or lower is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.