CVE-2017-16029

Опубликовано: 04 июн. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.

Ссылки

https://github.com/henrytseng/hostr/issues/8
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/303
Third Party Advisory
https://github.com/henrytseng/hostr/issues/8
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/303
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hostr_project:hostr:*:*:*:*:*:node.js:*:*

Версия до 2.3.5 (включая)

EPSS

Процентиль: 67%

0.00534

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xqqr-p362-6rmc