All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
References
Link | Resource |
---|---|
https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149916 | Exploit Third Party Advisory |
https://gist.github.com/lirantal/9ccdfda0edcb95e36d07a04b0b6c2db0 | Exploit Third Party Advisory |
Configurations
Information
Published : 2023-01-26 13:15
Updated : 2023-02-01 08:35
NVD link : CVE-2022-21192
Mitre link : CVE-2022-21192
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
serve-lite_project
- serve-lite