GMS-2018-3: Directory Traversal

January 15, 2018

The featurebook is vulnerable to a Directory Traversal attack. This may allow attackers to access confidential resources that exist outside of the intended web root of the service. This is mitigated significantly by the fact that featurebook is clearly not intended to be run in production code nor to be exposed to an untrusted network.

References

github.com/nodejs/security-wg/blob/master/vuln/npm/358.json

Detect and mitigate GMS-2018-3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →