CVE-2020-36629: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

December 25, 2022 (updated January 6, 2023)

A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.

References

github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0
github.com/SimbCo/httpster/pull/36
github.com/advisories/GHSA-p8j8-wxvp-h695
nvd.nist.gov/vuln/detail/CVE-2020-36629
vuldb.com/?id.216748

Code Behaviors & Features

Detect and mitigate CVE-2020-36629 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →