GHSA-f5mh-hq6h-whxv

Suggest an improvement
Source
https://github.com/advisories/GHSA-f5mh-hq6h-whxv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-f5mh-hq6h-whxv/GHSA-f5mh-hq6h-whxv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f5mh-hq6h-whxv
Aliases
  • CVE-2016-10561
Published
2019-02-18T23:38:29Z
Modified
2023-11-08T03:58:12.691799Z
Summary
Directory Traversal in bitty
Details

Affected versions of bitty are vulnerable to directory traversal via the URL path in GET requests.

Recommendation

The bitty package is not currently maintained, and has not seen an update since 2015.

At this time, the best available mitigation is to use an alternative module that is actively maintained and provides similar functionality, such as serve.

Database specific 
{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:33:49Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}
References

Affected packages

npm / bitty

Package

Name
bitty
View open source insights on deps.dev
Purl
pkg:npm/bitty

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.2.10

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-f5mh-hq6h-whxv/GHSA-f5mh-hq6h-whxv.json"