{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12172?format=json","vulnerability_id":"VCID-8uhe-4mm7-47hf","summary":"Path Traversal\nlocalhost-now suffers from a path traversal vulnerability. It allows reading the content of arbitrary files on the remote server.","aliases":[{"alias":"GMS-2018-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54061?format=json","purl":"pkg:npm/localhost-now@1.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-72tp-hs26-rue5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@1.0.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109850?format=json","purl":"pkg:npm/localhost-now@0.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/109851?format=json","purl":"pkg:npm/localhost-now@0.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/109852?format=json","purl":"pkg:npm/localhost-now@0.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/109853?format=json","purl":"pkg:npm/localhost-now@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/109854?format=json","purl":"pkg:npm/localhost-now@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/109855?format=json","purl":"pkg:npm/localhost-now@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/109856?format=json","purl":"pkg:npm/localhost-now@0.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/109857?format=json","purl":"pkg:npm/localhost-now@0.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@0.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/109858?format=json","purl":"pkg:npm/localhost-now@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54694?format=json","purl":"pkg:npm/localhost-now@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2z6a-23nt-tuae"},{"vulnerability":"VCID-8uhe-4mm7-47hf"},{"vulnerability":"VCID-ga3h-gkza-z3h9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/localhost-now@1.0.1"}],"references":[{"reference_url":"https://github.com/DCKT/localhost-now/commit/30b004c7f145d677df8800a106c2edc982313995","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/DCKT/localhost-now/commit/30b004c7f145d677df8800a106c2edc982313995"},{"reference_url":"https://hackerone.com/reports/312889","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/312889"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8uhe-4mm7-47hf"}