Description
Path Traversal in restify-swagger-jsdoc
Versions of restify-swagger-jsdoc prior to 3.2.1 are vulnerable to Path Traversal. The package fails to properly sanitize URLs, which may allow attackers to access server files outside the swagger-ui folder by using relative paths.
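The containment check that a static-file handler needs against this class of bug, as an added example (it is not code from restify-swagger-jsdoc or its 3.2.1 fix). The base directory, the function name `resolveInside` and the sample requests are assumptions constructed for illustration.

```javascript
const path = require('node:path');

// Hypothetical location standing in for the swagger-ui folder.
const SWAGGER_UI_DIR = path.resolve('/srv/app/swagger-ui');

// Map the part of the request URL after the route prefix to a file under
// baseDir. Returns an absolute path, or null if the request must be refused.
function resolveInside(baseDir, urlPath) {
  let decoded;
  try {
    // Decode exactly once so %2e%2e%2f is checked as ../ and nothing
    // downstream needs to decode again.
    decoded = decodeURIComponent(urlPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL never belongs in a file name

  // Treat backslashes as separators so the check also holds on Windows.
  const normalized = decoded.replace(/\\/g, '/');

  // The './' prefix keeps a leading '/' from replacing baseDir in resolve().
  const root = path.resolve(baseDir);
  const candidate = path.resolve(root, './' + normalized);

  // Compare by relative path, not by string prefix: a prefix test would
  // accept the sibling directory /srv/app/swagger-ui-backup.
  const rel = path.relative(root, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed sample requests: two legitimate, four that must be refused.
const samples = [
  'index.html',
  'css/../index.html',
  '../../../etc/passwd',
  '%2e%2e%2f%2e%2e%2fpackage.json',
  '..\\..\\secret.txt',
  '../swagger-ui-backup/key.pem',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', resolveInside(SWAGGER_UI_DIR, s));
}
```

This check is lexical only; if the served folder can contain symbolic links, resolve the candidate with `fs.realpath` and repeat the comparison before opening the file.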
Recommendation
Upgrade to version 3.2.1 or later.
Packages
Name: restify-swagger-jsdoc (npm)
Affected versions: < 3.2.1
Fixed version: 3.2.1
Weaknesses
CWE-22