MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2cTMtd2Nqdy0zZnho

High EPSS: 0.00561% (0.67609 Percentile) EPSS:

Permalink JSON

Directory Traversal in lab6.brit95

Affected Packages	Affected Versions	Fixed Versions
npm:lab6.brit95 PURL: `pkg:npm/lab6.brit95`	<= 0.1.1	No known fixed version
2 Dependent packages 1 Dependent repositories 9 Downloads last month Affected Version Ranges All affected versions 0.1.1

Affected versions of lab6.brit95 resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.

Example request:

GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo

Recommendation

No patch is available for this vulnerability.

It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-16140
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/lab6.brit95
https://github.com/advisories/GHSA-7vq3-wcjw-3fxh
https://www.npmjs.com/advisories/475

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2cTMtd2Nqdy0zZnho

Directory Traversal in lab6.brit95

Affected Version Ranges

All affected versions

Recommendation

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API