High severityNVD Advisory· Published Jul 15, 2020· Updated Aug 4, 2024
CVE-2020-15779
CVE-2020-15779
Description
A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
socket.io-filenpm | <= 2.0.31 | — |
Affected products
2- Node.js/socket.io-filedescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-9h4g-27m8-qjrgghsax_refsource_MISCADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-15779ghsaADVISORY
- www.npmjs.com/advisories/1519ghsax_refsource_MISCWEB
- www.npmjs.com/package/socket.io-fileghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.