A Path Traversal issue exists in the socket.io-file package up to and including 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
socket.io-file project socket.io-file |