CVE-2017-0930

The CVE-2017-0930 entry concerns the Node.js package augustine, a static HTTP server. A lack of URL validation enables a path traversal vulnerability in the file-serving component, allowing an attacker to read arbitrary files outside the web root (as demonstrated by crafted GET requests such as /...