CVE-2020-15779

Path Traversal in npm/socket.io-file

Identifiers

CVE-2020-15779, GHSA-9h4g-27m8-qjrg

Package Slug

npm/socket.io-file

Vulnerability

Path Traversal

Description

A Path Traversal issue was discovered in the socket.io-file package for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.

Affected Versions

All versions up to 2.0.31

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-07-27

source