Path Traversal in node-srv

2018-07-26T14:50:41
ID GHSA-52R9-G5G6-2HJP
Type github
Reporter GitHub Advisory Database
Modified 2021-01-08T19:51:51

Description

Versions of node-srv before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses node-srv.

Recommendation

Update to version 2.1.1 or later.