Описание
Path Traversal in localhost-now
Versions of localhost-now before 1.0.2 are vulnerable to path traversal. This allows a remote attacker to read the content of an arbitrary file.
Recommendation
Update to version 1.0.2 or later.
Пакеты
Наименование
localhost-now
npm
Затронутые версииВерсия исправления
< 1.0.2
1.0.2
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.