PT-2017-13726 · Node.Js+1 · Node.Js+1
Michael Dawson
·
Published
2017-09-28
·
Updated
2020-01-17
·
CVE-2017-14849
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Node.js versions 8.5.0
Description
The issue allows remote attackers to access unintended files due to a change in ".." handling that is incompatible with the pathname validation used by community modules.
Recommendations
For Node.js version 8.5.0, update to version 8.6.0 or later to resolve the issue.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Node.Js
Suse