Directory Traversal

2017-04-14T22:44:30
ID NODEJS:303
Type nodejs
Reporter Liang Gong
Modified 2018-05-08T14:27:01

Description

Overview

Affected versions of hostr are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending ../ in the url path for GET requests.

Recommendation

Upgrade to version 2.3.6 or later.

References

Issue #8)