Gomeplus H5 Proxy Node Module
by Hackerone
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16037 | Hig | 0.49 | 7.5 | 0.02 | Jun 4, 2018 | `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. | ||
| CVE-2017-16014 | Hig | 0.00 | 7.5 | 0.02 | Jun 4, 2018 | Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service. |
- risk 0.49cvss 7.5epss 0.02
`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.
- risk 0.00cvss 7.5epss 0.02
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.