Back to search
CVE-2017-16029
Published: Jun 4, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.
| Vendor | Product | Versions |
|---|---|---|
HackerOne | hostr node module | affected <=2.3.5 |
Weaknesses (CWE)
References
https://github.com/henrytseng/hostr/issues/8
x_refsource_MISC
https://nodesecurity.io/advisories/303
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now