CVE-2017-0930

Name of the Vulnerable Software and Affected Versions augustine (affected versions not specified)

Description The issue arises from a lack of validation of URLs in the augustine node module, leading to a Path Traversal vulnerability. This allows a malicious user to read the content of any file with a known path. A malicious actor can exploit this vulnerability to access files outside of the intended directory root, potentially resulting in the disclosure of private files on the vulnerable system. An example of exploitation is accessing the "/etc/passwd" file.

Recommendations As a temporary workaround, consider using a different, functionally equivalent static file server package until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. Avoid using the augustine node module for serving static files until the issue is resolved.