Description
Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
Update the crud-file-server package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.9.0
- Patched version(s): 0.9.0
References
Related Issues
- Firebase vulnerable to CRSF attack - CVE-2024-4128
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Cross-Site Scripting in highcharts - Vulnerability
- Tags:
- npm
- crud-file-server
Anything's wrong? Let us know Last updated on March 01, 2023