Directory Traversal #10
Comments
Thank you for so much concern. That will be fixed within a week. You can also send a pull request to me.

I have created a pull request. Since I did not find test scripts, hopefully it will not break any existing functionality.

Cool! Thanks for merging the pull request and patching the package on npm.

Those packages have all been deprecated,
First of all, this is an awesome package with lots of functionalities.
It just has a directory traversal issue, which can be fixed by adding some filtering on the requested url path. To exploit the vulnerability, I can just send a web request say:
http://localhost:80/../../../
to browse and retrieve any file on the hosting server.
Notice: the above url does not work with wget or a browser. Try it by using http.get in a Node.js program.
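One way to do the filtering on the requested URL path that the issue describes, shown beside the unfiltered join it replaces. This is an added example, not the package's code or the merged pull request; WEB_ROOT, resolveUnsafe and resolveSafe are hypothetical names and the request paths are constructed samples.

```javascript
const path = require('path');

// Assumed document root for the example.
const WEB_ROOT = path.resolve('/srv/www');

// Unfiltered pattern: the raw request path is joined onto the root,
// so "../" segments walk out of it.
function resolveUnsafe(urlPath) {
  return path.join(WEB_ROOT, urlPath);
}

// Filtered: decode once, resolve to an absolute path, then require that
// the result is the root itself or lies strictly beneath it.
function resolveSafe(urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte in a file name
  const resolved = path.resolve(WEB_ROOT, '.' + path.sep + decoded);
  // Compare against WEB_ROOT + separator so a sibling directory such as
  // /srv/www-private does not pass a bare prefix check.
  if (resolved !== WEB_ROOT && !resolved.startsWith(WEB_ROOT + path.sep)) {
    return null;
  }
  return resolved;
}

// Constructed sample request paths.
const samples = [
  '/index.html',
  '/../../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/../www-private/key.pem',
];
for (const p of samples) {
  console.log(p, '| unsafe:', resolveUnsafe(p), '| safe:', resolveSafe(p));
}
```

The check has to run in the server: browsers and wget collapse dot segments before sending the request, but a client that sends the path verbatim does not.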