npm

Severity: moderate

Directory Traversal

hostr

Overview

Affected versions of hostr are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending ../ in the url path for GET requests.

Remediation

Upgrade to version 2.3.6 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Apr 14th, 2017
  2. reported

    Initial report by Liang Gong
    Dec 12th, 2016