Описание
Directory Traversal in fancy-server
Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.
Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.
Recommendation
Upgrade to version 0.1.4 or greater.
Пакеты
Наименование
fancy-server
npm
Затронутые версииВерсия исправления
< 0.1.4
0.1.4
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.