Описание
Directory Traversal in evershop
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.
Пакеты
Наименование
@evershop/evershop
npm
Затронутые версииВерсия исправления
< 1.0.0-rc.8
1.0.0-rc.8
Связанные уязвимости
CVSS3: 5.3
nvd
около 2 лет назад
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.