Path Traversal in general-file-server

Description

All versions of general-file-server are vulnerable to path traversal.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.1.8

References

• GHSA-wv2f-3rxv-jqhp
• hackerone.com
• www.npmjs.com
• CVE-2018-3724
• CWE-22
• CAPEC-310
• OWASP 2021-A1
• OWASP 2021-A6

Related Issues

• Path Traversal in crud-file-server - CVE-2018-3733
• Path Traversal in http-file-server - CVE-2019-5447
• Path Traversal in angular-http-server - CVE-2018-3713
• Cross-site Scripting (XSS) - Stored in crud-file-server - CVE-2018-3726

Tags:

npm

general-file-server