CVE-2017-0930
UNKNOWN
Published 2018-06-04T19:00:00Z
No CVSS data available
Description
The augustine node module suffers from a Path Traversal vulnerability due to a lack of validation of the URL, which allows a malicious user to read the content of any file with a known path.
Available Exploits
No exploits available for this CVE.
GitHub Security Advisories
Advisory Details
Affected versions of `augustine` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
## Proof of Concept
```http
GET //etc/passwd HTTP/1.1
host:foo
```
## Recommendation
No direct patch is available at this time.
Currently, the best mitigation for this flaw is to use a different, functionally equivalent static file server package.
Affected Packages
Ecosystem: npm
Package: augustine
Affected versions: ≥0, ≤0.2.3
CVSS Scoring
CVSS Score: 5.0
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: September 18, 2018, Modified: September 8, 2023
Published: 2018-06-04T19:00:00Z
Last Modified: 2024-09-16T16:32:58.291Z