GHSA-cgjv-rghq-qhgp

Опубликовано: 11 сент. 2019

Источник: github

Github: Прошло ревью

CVSS3: 8.6

Описание

Path Traversal in algo-httpserv

Versions of algo-httpserv prior to 1.1.2 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.

Recommendation

Upgrade to version 1.1.2 or later.

Ссылки

https://github.com/AlgoRythm-Dylan/httpserv/commit/bcfe9d4316c2b59aab3a64a38905376026888735
https://snyk.io/vuln/SNYK-JS-ALGOHTTPSERV-174741
https://www.npmjs.com/advisories/889

Пакеты

Наименование

algo-httpserv

npm

Затронутые версииВерсия исправления

< 1.1.2

1.1.2

8.6 High

CVSS3

Дефекты

CWE-22

8.6 High

CVSS3

Дефекты

CWE-22