CVE-2018-16475
CVE-2018-16475
In short
Knightjs versions up to 0.0.1 have a path traversal vulnerability that lets attackers read any file on the server by manipulating file paths in requests.
Technical detail
A path traversal flaw (CWE-22) in Knightjs ≤0.0.1 permits unauthenticated attackers to access arbitrary files on the server through specially crafted path inputs that bypass directory restrictions, resulting in unauthorized information disclosure.
Summary generated and translated by AI from the official description.
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
Affected products
npm · knightjsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://hackerone.com/reports/403707