Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzeHAtajczNy0yODJ2
Path Traversal in takeapeek
All versions of takeapeek are vulnerable to path traversal exposing files and directories.
Recommendation
As no fix is currently available for this vulnerability is it is our recommendation to use another static file server.
Permalink: https://github.com/advisories/GHSA-23xp-j737-282vJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzeHAtajczNy0yODJ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: 8 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-23xp-j737-282v, CVE-2018-16473
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16473
- https://hackerone.com/reports/403736
- https://github.com/advisories/GHSA-23xp-j737-282v
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/478.json
- https://www.npmjs.com/advisories/740
Affected Packages
npm:takeapeek
Dependent packages: 1Dependent repositories: 1
Downloads: 51 last month
Affected Version Ranges: <= 0.2.2
No known fixed version
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.1.6, 0.1.7, 0.1.8, 0.1.9, 0.1.10, 0.1.11, 0.1.12, 0.1.13, 0.2.0, 0.2.1, 0.2.2