Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.


Path Traversal in knightjs

All versions of knightjs are vulnerable to Path Traversal.

This vulnerability allows an attacker to read the contents of arbitrary files on the server due to a lack of input validation.

Recommendation

As there is currently no fix for this module, we recommend not using it in production environments.

Permalink: https://github.com/advisories/GHSA-3hvm-hgpw-rx4j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNodm0taGdwdy1yeDRq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: 8 months ago


CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-3hvm-hgpw-rx4j, CVE-2018-16475
Blast Radius: 0.0

Affected Packages

npm:knightjs
Dependent packages: 1
Dependent repositories: 1
Downloads: 8 last month
Affected Version Ranges: <= 0.0.1
No known fixed version
All affected versions: 0.0.1