0.29.3
7 years ago
3 years ago
Package is deprecated
Known vulnerabilities in the sapper package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
sapper is a framework for building high-performance universal web apps. Affected versions of this package are vulnerable to Path Traversal. It allows an attacker to simply obain arbitrary files from the remote server, exploiting a simple path traversal using URL-encoded "../". How to fix Path Traversal? Upgrade | <0.27.11 |
sapper is a framework for building high-performance universal web apps. Affected versions of this package are vulnerable to Directory Traversal.
when serving ###PoC by Daniel Thompson:
##Details: A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files. Directory Traversal vulnerabilities can be generally divided into two types:
If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.
Note
One way to achieve this is by using a malicious The following is an example of a
How to fix Directory Traversal? Upgrade | <0.27.11 |