Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-16107 Vulnerability in npm package pooledwebsocket

Description

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Remediation

References

https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/pooledwebsocket

https://nodesecurity.io/advisories/341

Related Vulnerabilities

CVE-2018-1000006 Vulnerability in maven package org.webjars.npm:electron

CVE-2017-16224 Vulnerability in npm package st

CVE-2020-26274 Vulnerability in npm package systeminformation

CVE-2022-42743 Vulnerability in npm package deep-parse-json

CVE-2020-23622 Vulnerability in maven package org.fourthline.cling:cling-core

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory