Description
Directory Traversal in xtalk
Affected versions of xtalk are vulnerable to directory traversal, allowing access to the filesystem by placing "../" in the URL.
Example request:
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:localhost
Recommendation
No patch is currently available for this vulnerability, and the package has not been updated since 2014.
The best mitigation is currently to avoid this package and use a different, functionally equivalent one.
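The containment check a replacement static file handler has to perform to refuse the example request above, shown next to an unchecked join that produces this class of bug. This is an added example, not xtalk's code or part of the advisory; `WEB_ROOT`, `naiveResolve` and `safeResolve` are hypothetical names, and POSIX paths are assumed.

```javascript
'use strict';
const path = require('path');

// Hypothetical document root (assumption for this example).
const WEB_ROOT = '/srv/www/public';

// Unchecked pattern: the URL path is joined onto the root as-is,
// so "../" segments walk out of WEB_ROOT.
function naiveResolve(urlPath) {
  return path.posix.join(WEB_ROOT, urlPath);
}

// Hardened pattern: decode, reject NUL bytes, resolve, then verify the
// result is still inside WEB_ROOT. Returns null when the request must be refused.
function safeResolve(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  // The "./" prefix keeps a leading "/" from being treated as an absolute path.
  const resolved = path.posix.resolve(WEB_ROOT, './' + decoded);
  // Compare against the root plus a separator so that a sibling such as
  // /srv/www/public-old does not pass a bare prefix test.
  const inside = resolved === WEB_ROOT || resolved.startsWith(WEB_ROOT + '/');
  return inside ? resolved : null;
}

// Constructed sample request paths; the first is the one from the advisory.
const samples = [
  '/../../../../../../../../../../etc/passwd',
  '/%2e%2e/%2e%2e/%2e%2e/etc/passwd',
  '/../public-old/backup.sql',
  '/css/site.css',
];
for (const p of samples) {
  console.log(p, '| naive ->', naiveResolve(p), '| checked ->', safeResolve(p));
}
```

A handler built on `safeResolve` answers with 403 or 404 whenever it returns null, and should additionally resolve symlinks (for example with `fs.realpath`) before serving if the web root may contain them.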
Packages
Name: xtalk (npm)
Affected versions: >= 0.0.2
Fixed version: None
Related vulnerabilities
CVSS3: 7.5
nvd
more than 7 years ago
xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.