MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczY2ctNjU3Ny13eDlm

High EPSS: 0.00561% (0.67609 Percentile) EPSS:

Permalink JSON

Directory Traversal in cuciuci

Affected Packages	Affected Versions	Fixed Versions
npm:cuciuci PURL: `pkg:npm/cuciuci`	>= 0.0.0	No known fixed version

Affected versions of cuciuci resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.

Example request:

GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo

Recommendation

No patch is available for this vulnerability.

It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.

References:

https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/cuciuci
https://www.npmjs.com/advisories/381
https://nvd.nist.gov/vuln/detail/CVE-2017-16122
https://github.com/advisories/GHSA-w3cg-6577-wx9f

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczY2ctNjU3Ny13eDlm

Directory Traversal in cuciuci

Recommendation

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API