GSA_kwCzR0hTQS0zcjNqLTR2cnctODg0as4ABKcD

High CVSS: 7.7 EPSS: 0.00381% (0.58717 Percentile) EPSS:

Permalink JSON

files-bucket-server vulnerable to Directory Traversal

Affected Packages	Affected Versions	Fixed Versions
npm:files-bucket-server	<= 1.2.6	No known fixed version
1 Dependent packages 1 Dependent repositories 13 Downloads last month Affected Version Ranges All affected versions 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6

All versions of the package files-bucket-server are vulnerable to Directory Traversal where an attacker can traverse the file system and access files outside of the intended directory.

References:

https://nvd.nist.gov/vuln/detail/CVE-2025-8021
https://security.snyk.io/vuln/SNYK-JS-FILESBUCKETSERVER-9510944
https://gist.github.com/lirantal/1f833a7d445e8cfbdcb3e75022954b35#path-traversal-vulnerability-in-files-bucket-server
https://github.com/advisories/GHSA-3r3j-4vrw-884j

Identifiers

GHSA-3r3j-4vrw-884j

CVE-2025-8021

Risk

Severity

High

CVSS

CVSS Score: 7.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

EPSS

EPSS Percentage: 0.00381

EPSS Percentile: 0.58717

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

7 days ago

Updated

7 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories