PT-2020-21319 · Restify · Restify-Swagger-Jsdoc
Published 2020-09-03 · Updated 2020-09-03
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
restify-swagger-jsdoc versions prior to 3.2.1
Description
The issue arises from the package's failure to properly sanitize URLs, potentially allowing attackers to access server files outside the swagger-ui folder by using relative paths.
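The class of flaw described above, shown as an added example that is not restify-swagger-jsdoc's own code: a naive join of the request path onto the static folder next to a resolver that normalizes first and then checks containment. The function names, `ROOT` and the request paths are hypothetical, constructed for illustration, and assume a POSIX filesystem.

```javascript
const path = require('node:path');

// Constructed static root standing in for the swagger-ui folder.
const ROOT = '/srv/app/swagger-ui';

// Unsafe pattern: "../" segments in the request path are collapsed by
// path.join, so the result can point above rootDir.
function naiveResolve(rootDir, requestPath) {
  return path.join(rootDir, requestPath);
}

// Hardened pattern: decode, resolve, then verify the result is still
// under rootDir. Returns the absolute file path, or null to reject.
function resolveInside(rootDir, requestPath) {
  let decoded;
  try {
    // Decode once so "%2e%2e%2f" is checked in the form the filesystem sees.
    decoded = decodeURIComponent(requestPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path

  const root = path.resolve(rootDir);
  // The leading "." keeps an absolute-looking request path relative to root;
  // path.resolve then collapses any "../" segments.
  const target = path.resolve(root, '.' + path.sep + decoded);

  // Test containment on the normalized result, not on the raw string.
  // path.relative also rejects sibling folders that merely share a prefix,
  // which a plain target.startsWith(root) check would accept.
  const rel = path.relative(root, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  return target;
}
```

The check is lexical only; if the served folder can contain symlinks, compare `fs.realpathSync` results for both root and target before opening the file.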
Recommendations
Upgrade to version 3.2.1 or later.
Weakness Enumeration
Path traversal
Affected Products
Restify-Swagger-Jsdoc