Lucene search
GoogleOSV:GHSA-JP46-FW6C-3PM9HistorySep 01, 2020 - 6:46 p.m.
Directory Traversal in scott-blanch-weather-app
2020-09-0118:46:58
Google
osv.dev
4
0.004 Low
EPSS
Percentile
74.9%
Affected versions of scott-blanch-weather-app resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
Example request:
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo
Recommendation
No patch is available for this vulnerability.
It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.
Related
prion
prion
Directory traversal
2018-06-07 02:29:00
cvelist
cvelist
CVE-2017-16184
2018-04-26 00:00:00
github
github
Directory Traversal in scott-blanch-weather-app
2020-09-01 18:46:58
cve
cve
CVE-2017-16184
2018-06-07 02:29:05
veracode
veracode
Directory Traversal
2018-06-08 04:25:27
nodejs
nodejs
Directory Traversal
2017-07-17 21:20:41
nvd
nvd
CVE-2017-16184
2018-06-07 02:29:05