Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.

Affected Packages

npm m-server

Affected versions: 0 (fixed in 1.4.1)

Related CVEs

CVE-2018-16485

Key Information

GHSA ID

GHSA-899g-6q6w-7v94

Published

February 18, 2019 11:58 PM

Last Modified

September 12, 2023 8:43 PM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

m-server

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.