CVE-2020-15779, GHSA-9h4g-27m8-qjrg
npm/socket.io-file
Path Traversal
A Path Traversal issue was discovered in the socket.io-file package for Node.js. The socket.io-file::createFile
message uses path.join with ../
in the name option, and the uploadDir
and rename options determine the path.
All versions up to 2.0.31
Unfortunately, there is no solution available yet.
2020-07-27
source |