CVE-2017-16121
Description
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Directory traversal in datachannel-client allows attackers to read arbitrary files via '../' in URLs.
Vulnerability
datachannel-client is a signaling implementation for DataChannel.js. Versions <= 1.0.2 are vulnerable to directory traversal. By injecting ../ sequences into the URL path, an attacker can escape the intended root directory and access arbitrary files on the filesystem [1][2][3].
Exploitation
An attacker can exploit this vulnerability by sending crafted HTTP requests to the server with path segments like ../ to traverse directories. No authentication is required, and the attack is performed over the network [2].
Impact
Successful exploitation allows an attacker to read arbitrary files from the server's filesystem, potentially exposing sensitive information such as configuration files, source code, or credentials [1][3].
Mitigation
No official fix has been released for this vulnerability as of the publication date. The package appears to be unmaintained. Users should avoid using datachannel-client in production or replace it with an alternative that addresses directory traversal [3].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
datachannel-clientnpm | <= 1.0.2 | — |
Affected products
3- HackerOne/datachannel-client node modulev5Range: All versions
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-jpg7-6c9f-7q54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-16121ghsaADVISORY
- github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-clientghsax_refsource_MISCWEB
- nodesecurity.io/advisories/391mitrex_refsource_MISC
- www.npmjs.com/advisories/391ghsaWEB
News mentions
0No linked articles in our index yet.