Описание
Path Traversal in node-srv
Versions of node-srv before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses node-srv.
Recommendation
Update to version 2.1.1 or later.
Пакеты
Наименование
node-srv
npm
Затронутые версииВерсия исправления
< 2.1.1
2.1.1
Связанные уязвимости
CVSS3: 6.5
nvd
больше 7 лет назад
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.