Affected versions of `hostr` are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending `../` in the url path for GET requests.

## Recommendation

Upgrade to version 2.3.6 or later.

Affected Packages

npm hostr

Affected versions: 0 (fixed in 2.3.6)

Related CVEs

CVE-2017-16029

Key Information

GHSA ID

GHSA-xqqr-p362-6rmc

Published

November 9, 2018 5:44 PM

Last Modified

September 12, 2023 9:11 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

hostr

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.