GHSA-vc6r-4x6g-mmqc

Опубликовано: 11 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Path Traversal in m-server

Versions of m-server before 1.4.2 are vulnerable to path traversal allowing a remote attacker to display content of arbitrary files from the server.

Recommendation

Update to version 1.4.2 or later.

Ссылки

https://github.com/nunnly/m-server/commit/01f13f040d1961ca3146dce7e2db990156e65e9a
https://hackerone.com/reports/319795
https://github.com/nodejs/security-wg/blob/master/vuln/npm/468.json
https://www.npmjs.com/advisories/731

Пакеты

Наименование

m-server

npm

Затронутые версииВерсия исправления

< 1.4.2

1.4.2

Дефекты

CWE-22

Дефекты

CWE-22