CVE-2020-15779

Published July 15th, 2020

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECTS

Description

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.

socket.io-file

File uploader module for Socket.io

NPM

rico345100/socket.io-file

Socket.io-file is a node module for uploading file via Socket.io module

GitHub