CVE-2016-10528
Directory Traversal in restafary
EPSS 0.39%
描述
Affected versions of `restafary` are susceptible to a directory traversal vulnerability when a root path is specified in the configuration. Proof of Concept ``` curl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd' ``` ## Recommendation Update to version 1.6.1 or later.
如何修補 CVE-2016-10528
要修補 CVE-2016-10528,請將受影響套件升級到下列已修補版本。
- npm/restafary—升級至 1.6.1 或更新版本
CVE-2016-10528 正在被利用嗎?
低 — EPSS 為 0.4%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1.6.1