Description
Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
Update the crud-file-server package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.9.0
- Patched version(s): 0.9.0
References
Related Issues
- PostCSS line return parsing error - CVE-2023-44270
- mavo DOM Clobbering vulnerability - CVE-2024-53388
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Tags:
- npm
- crud-file-server
Anything's wrong? Let us know Last updated on March 01, 2023