Description
Path Traversal in ponse
Versions of ponse prior to 2.0.2 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
Upgrade to version 2.0.2 or later.
Packages
Name: ponse (npm)
Affected versions: < 2.0.2
Fixed version: 2.0.2
Weaknesses
CWE-22