CVE-2017-16130 Information
Description
exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue giving an attacker access to the filesystem by placing ../\ in the url. Accessible files are restricted to those with a file extension. Files with no extension such as /etc/passwd throw an error.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/exxxxxxxxxxx
https://nodesecurity.io/advisories/478
exxxxxxxxxxx
is
an
Http
eX
Frame
Google
Style
JavaScript
Guide.
exxxxxxxxxxx
is
vulnerable
to
a
directory
traversal
issue
giving
an
attacker
access
to
the
filesystem
by
placing
../
in
the
url.
Accessible
files
are
restricted
to
those
with
a
file
extension.
Files
with
no
extension
such
as
/etc/passwd
throw
an
error.
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: