Directory traversal

2023-12-0820:15:00

PRIOn knowledge base

www.prio-n.com

evershop

npm

directory traversal

vulnerability

delete function

api

files

remote attacker

sensitive information

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.4%

JSON

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

CPENameOperatorVersion
evershopeq1.0.0 beta2
evershopeq1.0.0 beta1
evershopeq1.0.0 beta
evershopeq1.0.0 rc3
evershopeq1.0.0 rc1
evershopeq1.0.0 rc2
evershopeq1.0.0 beta3
evershopeq1.0.0 beta4
evershopeq1.0.0 beta5
evershopeq1.0.0 rc5

Name	Operator	Version
evershop	eq	1.0.0 beta2
evershop	eq	1.0.0 beta1
evershop	eq	1.0.0 beta
evershop	eq	1.0.0 rc3
evershop	eq	1.0.0 rc1
evershop	eq	1.0.0 rc2
evershop	eq	1.0.0 beta3
evershop	eq	1.0.0 beta4
evershop	eq	1.0.0 beta5
evershop	eq	1.0.0 rc5