CVE-2016-1000305.yml
---
gem: guard-livereload
cve: 2016-1000305
url: https://github.com/guard/guard-livereload/issues/159
title: Directory traversal vulnerability in guard-livereload
date: 2016-12-30
description: |
  A directory traversal vulnerability exists in guard-livereload before version 2.5.2.
  The vulnerability allows remote attackers to read arbitrary files on the server
  by exploiting improper path validation in the livereload server functionality.
  This vulnerability is related to the handling of file paths in the livereload
  server component, which could allow an attacker to traverse directories and
  access files outside the intended web root directory.
  The issue was identified and reported through the DWF (Distributed Weakness Filing)
  project, which assigns CVE identifiers for security vulnerabilities.
cvss_v2: 5.0
cvss_v3: 7.5
unaffected_versions:
  - ">= 2.5.2"
patched_versions:
  - ">= 2.5.2"
related:
  url:
    - https://github.com/guard/guard-livereload/issues/159
    - https://nvd.nist.gov/vuln/detail/CVE-2016-1000305
notes: |
  This vulnerability was assigned CVE-2016-1000305 by the DWF (Distributed Weakness Filing)
  project. The gem has not been released after fixing this vulnerability in version 2.5.2.
  Users should consider migrating to rack-livereload as an alternative.