GHSA-cv3v-7846-6pxm

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Unauthorized File Access in node-git-server

Versions of node-git-server prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories.

Recommendation

Upgrade to version 0.6.1 or later.

Ссылки

https://github.com/gabrielcsapo/node-git-server/pull/62
https://github.com/gabrielcsapo/node-git-server/commit/ac26650f69bc445d71e4f2c55328676d10a4be43
https://snyk.io/vuln/SNYK-JS-NODEGITSERVER-474343
https://www.npmjs.com/advisories/1214

Пакеты

Наименование

node-git-server

npm

Затронутые версииВерсия исправления

< 0.6.1

0.6.1

7.5 High

CVSS3

Дефекты

CWE-552

7.5 High

CVSS3

Дефекты

CWE-552