Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2NDktNTRxcC1mdzQy
Path Traversal in servey
Versions of servey prior to 3.x are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.
Recommendation
Upgrade to the latest version
Permalink: https://github.com/advisories/GHSA-rv49-54qp-fw42JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2NDktNTRxcC1mdzQy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-rv49-54qp-fw42
References:
- https://github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
- https://hackerone.com/reports/355501
- https://www.npmjs.com/advisories/802
- https://github.com/advisories/GHSA-rv49-54qp-fw42
Blast Radius: 0.0
Affected Packages
npm:servey
Dependent packages: 3Dependent repositories: 2
Downloads: 114 last month
Affected Version Ranges: < 3.1.0
Fixed in: 3.1.0
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.1.7, 2.2.0
All unaffected versions: 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 4.0.0, 4.0.1, 4.0.2, 5.0.0, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.6