ghsa-3q32-j57w-q4w7
Vulnerability from github
Published
2019-02-20 15:40
Modified
2021-08-31 21:22
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Path Traversal in total.js
Details

Affected versions of total.js are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files outside the /public folder by using relative paths.
The files served are limited to these file types: flac, jpg, jpeg, png, gif, ico, js, css, txt, xml, woff, woff2, otf, ttf, eot, svg, zip, rar, pdf, docx, xlsx, doc, xls, html, htm, appcache, manifest, map, ogv, ogg, mp4, mp3, webp, webm, swf, package, json, md, m4v, jsx, heif, heic.

Recommendation

  • If you are using version 2.1.x, upgrade to 2.1.1 or later.
  • If you are using version 2.2.x, upgrade to 2.2.1 or later.
  • If you are using version 2.3.x, upgrade to 2.3.1 or later.
  • If you are using version 2.4.x, upgrade to 2.4.1 or later.
  • If you are using version 2.5.x, upgrade to 2.5.1 or later.
  • If you are using version 2.6.x, upgrade to 2.6.3 or later.
  • If you are using version 2.7.x, upgrade to 2.7.1 or later.
  • If you are using version 2.8.x, upgrade to 2.8.1 or later.
  • If you are using version 2.9.x, upgrade to 2.9.5 or later.
  • If you are using version 3.0.x, upgrade to 3.0.1 or later.
  • If you are using version 3.1.x, upgrade to 3.1.1 or later.
  • If you are using version 3.2.x, upgrade to 3.2.4 or later.
Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "total.js"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-8903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:55:54Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `total.js` are vulnerable to Path Traversal.  Due to insufficient input sanitization in URLs, attackers can access server files outside the `/public` folder by using relative paths.  \nThe files served are limited to these file types: `flac`, `jpg`, `jpeg`, `png`, `gif`, `ico`, `js`, `css`, `txt`, `xml`, `woff`, `woff2`, `otf`, `ttf`, `eot`, `svg`, `zip`, `rar`, `pdf`, `docx`, `xlsx`, `doc`, `xls`, `html`, `htm`, `appcache`, `manifest`, `map`, `ogv`, `ogg`, `mp4`, `mp3`, `webp`, `webm`, `swf`, `package`, `json`, `md`, `m4v`, `jsx`, `heif`, `heic`.\n\n\n## Recommendation\n\n- If you are using version 2.1.x, upgrade to 2.1.1 or later.\n- If you are using version 2.2.x, upgrade to 2.2.1 or later.\n- If you are using version 2.3.x, upgrade to 2.3.1 or later.\n- If you are using version 2.4.x, upgrade to 2.4.1 or later.\n- If you are using version 2.5.x, upgrade to 2.5.1 or later.\n- If you are using version 2.6.x, upgrade to 2.6.3 or later.\n- If you are using version 2.7.x, upgrade to 2.7.1 or later.\n- If you are using version 2.8.x, upgrade to 2.8.1 or later.\n- If you are using version 2.9.x, upgrade to 2.9.5 or later.\n- If you are using version 3.0.x, upgrade to 3.0.1 or later.\n- If you are using version 3.1.x, upgrade to 3.1.1 or later.\n- If you are using version 3.2.x, upgrade to 3.2.4 or later.",
  "id": "GHSA-3q32-j57w-q4w7",
  "modified": "2021-08-31T21:22:06Z",
  "published": "2019-02-20T15:40:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8903"
    },
    {
      "type": "WEB",
      "url": "https://github.com/totaljs/framework/commit/c37cafbf3e379a98db71c1125533d1e8d5b5aef7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b"
    },
    {
      "type": "WEB",
      "url": "https://blog.certimetergroup.com/it/articolo/security/total.js-directory-traversal-cve-2019-8903"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3q32-j57w-q4w7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/totaljs/framework"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1026"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Path Traversal in total.js"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.