3 matches found
reasy (>=1.0.0 <=1.5.1), reasy-pure (>=0.0.5 <=1.0.4) +1 more potentially affected by CVE-2017-16097 via tiny-http (>=1.2.2 <=2.0.8)
tiny-http NPM version =1.2.2, =1.0.0, =0.0.5, =1.1.0, =2.1.4 Source cves: CVE-2017-16097 Source advisory: OSV:GHSA-CCH6-5X4H-6QC5...
CVE-2017-16097
CVE-2017-16097 concerns the tiny-http library, a simple HTTP server. The accompanying advisories describe a directory traversal vulnerability where crafted URLs containing relative paths (e.g., ../) allow access to files outside the intended root. Affected versions resolve relative file paths imp...
CVE-2017-16097
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...