VulnerableCode Package Details - pkg:npm/hostr@1.2.5

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/hostr@1.2.5

Essentials
History (2)

purl	pkg:npm/hostr@1.2.5

Next non-vulnerable version	2.3.6
Latest non-vulnerable version	2.3.6
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-hdyh-1ddv-nqex Aliases: GMS-2016-93	Directory Traversal There is a directory traversal vulnerability that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.	2.3.6 Affected by 0 other vulnerabilities.
VCID-qxb6-dbm7-jygg Aliases: CVE-2017-16029 GHSA-xqqr-p362-6rmc	Directory Traversal in hostr Affected versions of `hostr` are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending `../` in the url path for GET requests. ## Recommendation Upgrade to version 2.3.6 or later.	2.3.6 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T03:51:26.431797+00:00	GitLab Importer	Affected by	VCID-qxb6-dbm7-jygg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hostr/CVE-2017-16029.yml	38.6.0
2026-05-30T03:40:33.803896+00:00	GitLab Importer	Affected by	VCID-hdyh-1ddv-nqex	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/hostr/GMS-2016-93.yml	38.6.0