High severityNVD Advisory· Published Jun 4, 2018· Updated Sep 16, 2024
CVE-2017-16037
CVE-2017-16037
Description
gomeplus-h5-proxy is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gomeplus-h5-proxynpm | <= 1.0.15 | — |
Affected products
1- Range: All versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-94x5-94wf-m445ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-16037ghsaADVISORY
- github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gomeplus-h5-proxyghsax_refsource_MISCWEB
- nodesecurity.io/advisories/350mitrex_refsource_MISC
- www.npmjs.com/advisories/350ghsaWEB
News mentions
0No linked articles in our index yet.