Security Advisory

CVE-2020-15779

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-07-15 20:42:39

Last updated 2024-08-04 13:22:30

Assigner mitre

State PUBLISHED

Description

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.

← Browse all CVEs View on cve.org ↗