Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Y3ItcTkzNS04ajY3

Path Traversal in buttle

All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Permalink: https://github.com/advisories/GHSA-m8cr-q935-8j67
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Y3ItcTkzNS04ajY3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: about 1 year ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-m8cr-q935-8j67, CVE-2018-3766
References:

Blast Radius: 14.0

Affected Packages

npm:buttle

Dependent packages: 1
Dependent repositories: 73
Downloads: 36 last month
Affected Version Ranges: <= 0.2.0
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.7, 0.0.8, 0.0.9, 0.0.10, 0.1.0, 0.1.1, 0.2.0