MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NjYteDdjZi1ybWg1

High EPSS: 0.00561% (0.67609 Percentile) EPSS:

Permalink JSON

Directory Traversal in sencisho

Affected Packages	Affected Versions	Fixed Versions
npm:sencisho PURL: `pkg:npm/sencisho`	<= 0.3.3	No known fixed version

Affected versions of sencisho are vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Example request:

GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo

Recommendation

No patch is available for this vulnerability.

It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-16092
https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/sencisho
https://github.com/advisories/GHSA-6866-x7cf-rmh5
https://www.npmjs.com/advisories/340

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NjYteDdjZi1ybWg1

Directory Traversal in sencisho

Recommendation

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API