Lucene search
+L

4 matches found

NVD
NVD
added 2020/07/15 9:15 p.m.25 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5CVSS0.01581EPSS
Exploits1References4
CVE
CVE
added 2020/07/15 8:42 p.m.51 views

CVE-2020-15779

CVE-2020-15779: Path traversal in socket.io-file (Node.js) up to 2.0.31. The socket.io-file::createFile path uses path.join with ../ in the name, with uploadDir and rename options further determining the target path, enabling possible arbitrary file writes. Exploitation details are not provided i...

7.5CVSS7.5AI score0.01581EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2020/07/15 8:42 p.m.30 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

7.5AI score0.01581EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2020/07/07 7:24 p.m.7 views

@best/agent-hub (>=7.0.1 <=17.0.0), best (>=7.0.1 <=17.0.0) potentially affected by CVE-2020-15779 via socket.io-file (=2.0.31)

socket.io-file NPM version =2.0.31 is affected by a known vulnerability. The following packages have a transitive dependency on socket.io-file and may be impacted: - @best/agent-hub =7.0.1, =7.0.1, =17.0.0 Source cves: CVE-2020-15779 Source advisory: OSV:GHSA-9H4G-27M8-QJRG...

7.5CVSS7.2AI score0.01581EPSS
Exploits1
Rows per page
Query Builder