Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1819-qjsq-cuh7

Summary

Directory Traversal
gomeplus-h5-proxy is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

Aliases

alias	GMS-2017-130

Fixed_packages

Affected_packages

url pkg:npm/gomeplus-h5-proxy@0.0.0-alpha

purl pkg:npm/gomeplus-h5-proxy@0.0.0-alpha

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1819-qjsq-cuh7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/gomeplus-h5-proxy@0.0.0-alpha

References

reference_url	https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gomeplus-h5-proxy
reference_id
reference_type
scores
url	https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gomeplus-h5-proxy

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1819-qjsq-cuh7

Vulnerability Instance