195 matches found
JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments
Description The static file server decoded the request path, split it on /, and rejected only segments exactly equal to "." or "..". Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...
JLSEC-2026-617 Open redirect in the HTTP.jl static file server canonical redirects
Description The static file server's canonical 301 redirects (index-file strip, directory trailing-slash add, and file trailing-slash strip) built the Location header verbatim from the un-normalized request target. Request-target validation only requires a leading /, has no CTL bytes, and the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation in the sanitizePath function. An attacker can access or modify files outside the intended directory boundary by crafting paths that bypass prefix-based checks. Details A Directory Traversal...
Directory Traversal
Overview @fastify/static is a Plugin for serving static files as fast as possible. Affected versions of this package are vulnerable to Directory Traversal via the dirList.path function when directory listing is enabled. An attacker can access directory listings outside the configured static root ...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the fixture process. An attacker can access or overwrite arbitrary files by supplying specially crafted input containing path traversal sequences. Details A Directory Traversal attack also known as path traversal...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal through a discrepancy in path normalization between protocol handlers and internal routing. An attacker can bypass folder-level permissions or escape the boundaries of a configured virtual folder by crafting specific...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the resolveURI function while performing directory validation when the configuration value livy.file.local-dir-whitelist is set to a non-default value. An attacker can gain unauthorized access to arbitrary...
PT-2026-23096
Name of the Vulnerable Software and Affected Versions @hono/node-server versions prior to 1.19.10 Description @hono/node-server allows running the Hono application on Node.js. When using static file serving with route-based middleware protections, inconsistent URL decoding can allow protected...
Directory Traversal
Overview basic-ftp is an FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to Directory Traversal in the downloadToDir method. A malicious FTP server can overwrite or create files outside the intended directory...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the TkFiles function. An attacker can access files outside the intended directory by submitting specially crafted HTTP request paths containing directory traversal sequences. Details A Directory Traversal attack...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via crafted symbolic links in the repository. An attacker can access sensitive files on the server filesystem by creating and referencing symbolic links that point to arbitrary locations. Details A Directory Traversa...
EUVD-2020-1048
Malware in sbrugna...
EUVD-2020-1254
Malware in sbrugna...
EUVD-2018-0244
Malware in sbrugna...
EUVD-2020-0926
Malware in sbrugna...
EUVD-2018-0348
Malware in sbrugna...
EUVD-2020-1003
Malware in sbrugna...
EUVD-2020-0631
Malware in sbrugna...
EUVD-2020-1157
Malware in sbrugna...
EUVD-2020-1224
Malware in sbrugna...