Vulnerability Details CVE-2020-36629
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.0%
CVSS Severity
CVSS v3 Score 5.5
References
- https://github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0
- https://github.com/SimbCo/httpster/pull/36
- https://vuldb.com/?id.216748
- https://github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0
- https://github.com/SimbCo/httpster/pull/36
- https://vuldb.com/?id.216748
Products affected by CVE-2020-36629
-
cpe:2.3:a:httpster_project:httpster:-
-
cpe:2.3:a:httpster_project:httpster:0.1.0
-
cpe:2.3:a:httpster_project:httpster:0.2.0
-
cpe:2.3:a:httpster_project:httpster:0.2.1
-
cpe:2.3:a:httpster_project:httpster:0.3.0
-
cpe:2.3:a:httpster_project:httpster:0.3.1
-
cpe:2.3:a:httpster_project:httpster:0.3.2
-
cpe:2.3:a:httpster_project:httpster:0.4.0
-
cpe:2.3:a:httpster_project:httpster:0.5.0
-
cpe:2.3:a:httpster_project:httpster:0.5.1
-
cpe:2.3:a:httpster_project:httpster:0.5.2
-
cpe:2.3:a:httpster_project:httpster:0.6.0
-
cpe:2.3:a:httpster_project:httpster:0.7.0
-
cpe:2.3:a:httpster_project:httpster:0.9.0
-
cpe:2.3:a:httpster_project:httpster:1.0.0
-
cpe:2.3:a:httpster_project:httpster:1.0.1
-
cpe:2.3:a:httpster_project:httpster:1.0.3
-
cpe:2.3:a:httpster_project:httpster:1.0.4
-
cpe:2.3:a:httpster_project:httpster:1.0.5
-
cpe:2.3:a:httpster_project:httpster:1.0.6
-
cpe:2.3:a:httpster_project:httpster:1.1.0
-
cpe:2.3:a:httpster_project:httpster:1.2.0
-
cpe:2.3:a:httpster_project:httpster:1.2.1