CVE-2016-10528
Directory Traversal in restafary
EPSS 0.39%
Description
Affected versions of `restafary` are susceptible to a directory traversal vulnerability when a root path is specified in the configuration. Proof of Concept ``` curl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd' ``` ## Recommendation Update to version 1.6.1 or later.
How to fix CVE-2016-10528
To remediate CVE-2016-10528, upgrade the affected package to a fixed version below.
- npm/restafary—upgrade to 1.6.1 or later
Is CVE-2016-10528 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.6.1