GHSA-4vvp-x9h2-x2vf

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Path Traversal in public

All versions of public are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.

Recommendation

No fix is currently available. Do not use public in production or consider using an alternative module until a fix is made available.

Ссылки

https://hackerone.com/reports/593911
https://www.npmjs.com/advisories/1144

Пакеты

Наименование

public

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-22

Дефекты

CWE-22