Описание
Path Traversal in general-file-server
All versions of general-file-server are vulnerable to path traversal.
Recommendation
No fix is currently available for this vulnerability. It is our recommendation to not use this module until a fix has been provided.
Пакеты
Наименование
general-file-server
npm
Затронутые версииВерсия исправления
<= 1.1.8
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.