GHSA-2hhw-p8mg-jrm6

Опубликовано: 08 апр. 2019

Источник: github

Github: Прошло ревью

Описание

Path Traversal in http-live-simulator

Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.

Recommendation

Upgrade to version 1.0.6

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2019-5423
https://hackerone.com/reports/384939
https://github.com/advisories/GHSA-2hhw-p8mg-jrm6
https://www.npmjs.com/advisories/799

Пакеты

Наименование

http-live-simulator

npm

Затронутые версииВерсия исправления

< 1.0.6

1.0.6

EPSS

Процентиль: 69%

0.00607

Низкий

CVE ID

CVE-2019-5423

Дефекты

CWE-22

Связанные уязвимости

CVE-2019-5423

CVSS3: 7.5

nvd

почти 7 лет назад

Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker.

EPSS

Процентиль: 69%

0.00607

Низкий

CVE ID

CVE-2019-5423

Дефекты

CWE-22