Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yNzMtd3dmdi1oNmpw
Directory Traversal in fancy-server
Versions 0.1.4 and earlier of fancy-server are vulnerable to a directory traversal attack.
Standard attack vectors such as ../ will allow an attacker to read files outside of the served directory.
Recommendation
Upgrade to version 0.1.4 or greater.
Permalink: https://github.com/advisories/GHSA-m273-wwfv-h6jpJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yNzMtd3dmdi1oNmpw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: about 2 years ago
EPSS Percentage: 0.00163
EPSS Percentile: 0.53518
Identifiers: GHSA-m273-wwfv-h6jp, CVE-2014-10066
References:
- https://www.npmjs.com/advisories/9
- http://en.wikipedia.org/wiki/Directory_traversal_attack
- https://nvd.nist.gov/vuln/detail/CVE-2014-10066
- https://github.com/advisories/GHSA-m273-wwfv-h6jp
Affected Packages
npm:fancy-server
Dependent packages: 1Dependent repositories: 1
Downloads: 26 last month
Affected Version Ranges: < 0.1.4
Fixed in: 0.1.4
All affected versions: 0.1.0, 0.1.1, 0.1.2, 0.1.3
All unaffected versions: 0.1.4, 0.1.5