Описание
Directory Traversal in evershop
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.
Пакеты
Наименование
@evershop/evershop
npm
Затронутые версииВерсия исправления
< 1.0.0-rc.8
1.0.0-rc.8
Связанные уязвимости
CVSS3: 5.4
nvd
около 2 лет назад
Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.