QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16222

Published: Jun 7, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.

Vendor	Product	Versions
HackerOne	elding node module	affected `All versions`

Weaknesses (CWE)

References

https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/elding

x_refsource_MISC

https://nodesecurity.io/advisories/415

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.