Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-4647

[CVE-2018-11798] Node.js Fileserver webroot path

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 0.9.2
    • Fix Version/s: 0.12.0
    • Component/s: Node.js - Library
    • Labels:

      Description

      Node.js fileserver allows for escaping the set file path 

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11798

        Attachments

          Activity

            People

            • Assignee:
              jfarrell Jake Farrell
              Reporter:
              jfarrell Jake Farrell
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: