11 matches found
Arbitrary Code Execution
Overview infraserver is a data server Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement , safeLoad. Remediation There is no fixed version for infraserver. References -...
Directory Traversal in infraserver
Affected versions of infraserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Exampl...
GHSA-V464-RCX7-J875 Directory Traversal in infraserver
Affected versions of infraserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system. Exampl...
Infraserver Directory Traversal Vulnerability
infraserver is a RESTful server. A directory traversal vulnerability exists in infraserver. An attacker can exploit this vulnerability to gain access to the file system by placing a '... /' sequence in a URL to gain access to the file system...
Directory Traversal
infraserver is vulnerable to directory traversal attacks. These attacks are possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...
CVE-2017-16142
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16142
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory traversal
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
CVE-2017-16142
The CVE-2017-16142 entry concerns the infraserver RESTful server, which is vulnerable to a directory traversal vulnerability. The root cause is path traversal through crafted URL input (e.g., using sequences like ../) that can allow an attacker to access files outside the intended directory, pote...
CVE-2017-16142
infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...
Directory Traversal
Overview Affected versions of infraserver resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable syste...