digger (=1.2.11), edge-server (=0.1.2) +9 more potentially affected by unknown CVE via lactate (>=0.11.13 <=0.13.12)

lactate NPM version =0.11.13, =0.3.8, =0.7.0, =0.4.4, =0.3.6, =0.1.1, =0.1.0, =0.0.1, =0.3.2 - transmit =0.4.2 - zetta-beaglebone-proxy =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-68GR-CMCP-G3MJ...

GHSA-68GR-CMCP-G3MJ Directory Traversal in lactate

A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has acce...

Directory Traversal in lactate

A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has acce...

Directory Traversal

lactate is vulnerable to directory traversal attacks. A malicious user can make a request to an unauthorized directory to gain access to it...

Directory Traversal

Overview A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process...

Node.js third-party modules: [lactate] Static Web Server Directory Traversal via Crafted GET Request

Hi @vdeturckheim, A crafted GET request can be leveraged to traverse the directory structure of a host using the lactate web server package, and request arbitrary files outside of the specified web root. Module specification Name: lactate Version: 0.13.12 latest release build Verified conditions...