[THRIFT-4647] [CVE-2018-11798] Node.js Fileserver webroot path - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.9.2
Fix Version/s: 0.12.0
Component/s: Node.js - Library
Labels:
- SECURITY

Description

Node.js fileserver allows for escaping the set file path

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11798

Attachments

Activity

People

Assignee:: Jake Farrell

Reporter:: Jake Farrell

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 05/Oct/18 02:59

Updated:: 07/Jan/19 15:29

Resolved:: 07/Jan/19 15:29