Vulnerability Details CVE-2017-16222
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to /../../../etc/passwd, for example, will return a 404 on etc/passwd/index.js.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2017-16222
-
cpe:2.3:a:elding_project:elding:1.0.0