osv Google OSV:GHSA-CQV6-7FWC-8M3C
Sep 01, 2020 - 4:44 p.m.

Directory Traversal in xtalk

2020-09-01 16:44:59
Google
osv.dev
7

EPSS: 0.006 (Low), percentile 79.3%

Affected versions of xtalk are vulnerable to directory traversal, allowing access to the filesystem by placing “../” in the URL.

Example request:

GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:localhost

Recommendation

No patch is currently available for this vulnerability, and the package has not been updated since 2014.

The best mitigation is currently to avoid using this package and to use a different, functionally equivalent package instead.
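
The path check a replacement file server has to make before opening a file, as an added example that is not code from xtalk or from the advisory: `naiveResolve` shows the bug class described above and `resolveUnderRoot` the hardened form. `DOC_ROOT`, the function names and every sample request target except the advisory's own are constructed for illustration.

```javascript
// Added example (not xtalk's code). DOC_ROOT and all function names are assumptions.
const path = require('node:path');

const DOC_ROOT = '/srv/www/public'; // constructed document root

// Bug class from the advisory: the request path is appended to the root
// and normalised, so each "../" climbs one directory above the root.
function naiveResolve(root, requestTarget) {
  return path.join(root, requestTarget);
}

// Hardened form: returns an absolute path inside root, or null to refuse.
function resolveUnderRoot(root, requestTarget) {
  const rootAbs = path.resolve(root);
  const rawPath = requestTarget.split(/[?#]/, 1)[0]; // drop query/fragment
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath); // "%2e%2e%2f" becomes "../"
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // reject embedded NUL bytes
  // Force a relative interpretation, then normalise against the root.
  const candidate = path.resolve(rootAbs, '.' + path.sep + decoded);
  // Compare by path component, not by string prefix, so that a sibling
  // such as /srv/www/public-old is not mistaken for a child of the root.
  const rel = path.relative(rootAbs, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : candidate;
}

// Constructed request targets; the first is the advisory's example request.
const SAMPLES = [
  '/../../../../../../../../../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/../public-old/backup.sql',
  '/css/../index.html?v=2',
];

function report() {
  return SAMPLES.map((t) => ({
    target: t,
    naive: naiveResolve(DOC_ROOT, t),
    hardened: resolveUnderRoot(DOC_ROOT, t),
  }));
}

console.table(report());
```

The check is lexical only; a server that permits symlinks under the document root should also compare `fs.realpathSync` of the result against the root before opening the file.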

CPE
Name    Operator  Version
xtalk   ge        0.0.2
