CVE-2017-16037

Name of the Vulnerable Software and Affected Versions: gomeplus-h5-proxy versions (affected versions not specified)

Description: The issue allows attackers to access any file in the system by exploiting a directory traversal vulnerability. This can be achieved by placing '../' in the URL, enabling malicious actors to access files outside of the intended directory root, potentially disclosing private files on the vulnerable system. For example, a malicious request can be made to access sensitive files, such as /../../../../../../../../../../etc/passwd.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to sensitive files and directories until an alternative solution is available. It is recommended that the package is only used for local development, and if the functionality is needed for production, a different package is used instead.