CVE-2020-15779 – socket.io-file

Package

Manager: npm
Name: socket.io-file
Vulnerable Version: >=0 <=2.0.31

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0046 pctl0.63207

Details

Path Traversal in socket.io-file All versions of `socket.io-file` are vulnerable to Path Traversal. The package fails to sanitize user input and uses it to generate the file upload paths. The `socket.io-file::createFile` message contains a `name` option that is passed directly to `path.join()`. It is possible to upload files to arbitrary folders on the server by sending relative paths on the `name` value, such as `../../test.js`. The `uploadDir` and `rename` options can be used to define the file upload path.

Metadata

Created: 2020-07-07T19:24:47Z
Modified: 2021-09-22T20:28:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/07/GHSA-9h4g-27m8-qjrg/GHSA-9h4g-27m8-qjrg.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-9h4g-27m8-qjrg
Finding: F063
Auto approve: 1