Advisories for Npm/Augustine package

2018

Path Traversal

The augustine node module suffers from a Path Traversal vulnerability due to lack of input validation, which allows a malicious user to read content of any file with known path.

Directory Traversal

A crafted GET request can be leveraged to traverse the directory structure of a host using the augustine web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read. Mitigating factors: Only files that the user running augustine has permission to read will be accessible via …