exploitDog

CVE-2022-25936

Опубликовано: 30 янв. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.

Ссылки

https://gist.github.com/lirantal/691d02d607753d54856f9335f9a1692f
Exploit
Third Party Advisory
https://github.com/andrepolischuk/servst/commit/f7cae5d2d7c64c86bc512e1e50614240396ef114
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SERVST-3244896
Exploit
Third Party Advisory
https://gist.github.com/lirantal/691d02d607753d54856f9335f9a1692f
Exploit
Third Party Advisory
https://github.com/andrepolischuk/servst/commit/f7cae5d2d7c64c86bc512e1e50614240396ef114
Patch
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-SERVST-3244896
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:servst_project:servst:*:*:*:*:*:node.js:*:*

Версия до 2.0.3 (исключая)

EPSS

Процентиль: 61%

0.00411

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

CWE-22

Связанные уязвимости

GHSA-88v8-v46g-6c9w

CVSS3: 7.5

github

около 3 лет назад

Servst vulnerable to Path Traversal

EPSS

Процентиль: 61%

0.00411

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

CWE-22

CWE-22