Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Path Traversal in restify-swagger-jsdoc
Versions of restify-swagger-jsdoc prior to 3.2.1 are vulnerable to Path Traversal. The package fails to properly sanitize URLs, which may allow attackers to access server files outside the swagger-ui folder by using relative paths.
Recommendation
Upgrade to version 3.2.1 or later.
Permalink: https://github.com/advisories/GHSA-gvff-25cc-4f66
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2ZmYtMjVjYy00ZjY2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-gvff-25cc-4f66
References:
Blast Radius: 0.0
Affected Packages
npm:restify-swagger-jsdoc
Dependent packages: 4
Dependent repositories: 16
Downloads: 2,613 last month
Affected Version Ranges: < 3.2.1
Fixed in: 3.2.1
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.0.9, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 2.0.0, 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0
All unaffected versions: 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.3.0