Description
Directory Traversal in st
Versions of st prior to 0.2.5 are affected by a directory traversal vulnerability. Vulnerable versions fail to properly handle URL encoded dots, which caused %2e to be interpreted as "." by the filesystem, resulting in the potential for an attacker to read sensitive files on the server.
Recommendation
Update to version 0.2.5 or later.
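The bug class described above, shown as an added example that is not st's source code: a traversal check applied to the raw URL misses %2e%2e, while decoding first and then checking containment in the document root catches it. The ROOT path, the function names and the sample requests are constructed for illustration.

```javascript
// Added example: hypothetical static-file path mapping, not code from st.
const ROOT = "/srv/www/public"; // constructed document root

// Collapse "." and ".." segments of an absolute POSIX-style path.
function normalize(p) {
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Weak: rejects ".." in the raw URL, then decodes. "%2e%2e" passes the
// filter and only becomes ".." afterwards, so the result can leave ROOT.
function resolveWeak(urlPath) {
  if (urlPath.split("/").includes("..")) return null;
  return normalize(ROOT + "/" + decodeURIComponent(urlPath));
}

// Hardened: decode exactly once, normalise, then require the final path
// to be ROOT itself or to sit below ROOT + "/".
function resolveSafe(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL never belongs in a file path
  const full = normalize(ROOT + "/" + decoded);
  // The trailing "/" stops a sibling such as /srv/www/public2 from matching.
  if (full !== ROOT && !full.startsWith(ROOT + "/")) return null;
  return full;
}

// Constructed sample requests, compared side by side.
function demo() {
  const samples = ["/css/site.css", "/%2e%2e/outside.txt", "/%2E%2E/public2/x"];
  return samples.map((s) => [s, resolveWeak(s), resolveSafe(s)]);
}
console.log(demo());
```

The containment test runs on the same decoded string that is used to build the file path, so there is no second decoding step between the check and the file access.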
Packages
Name: st (npm)
Affected versions: < 0.2.5
Fixed version: 0.2.5
Related vulnerabilities
CVSS3: 7.5
nvd
more than 7 years ago
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.