{"url":"http://public2.vulnerablecode.io/api/packages/420590?format=json","purl":"pkg:npm/augustine@0.2.0","type":"npm","namespace":"","name":"augustine","version":"0.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/362263?format=json","vulnerability_id":"VCID-6yfd-kzxk-e3a1","summary":"Directory Traversal\nA crafted GET request can be leveraged to traverse the directory structure of a host using the `augustine` web server package, and request arbitrary files outside of the specified web root. This allows for a remote attacker to gain access to arbitrary files on the filesystem that the process has access to read. Mitigating factors: Only files that the user running `augustine` has permission to read will be accessible via this vulnerability.","references":[{"reference_url":"https://hackerone.com/reports/296282","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/296282"}],"fixed_packages":[],"aliases":["GMS-2018-5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6yfd-kzxk-e3a1"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/augustine@0.2.0"}