Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-14849 PoC — Joyent Node.js 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-14849.yaml
Associated Vulnerability
Title:Joyent Node.js 安全漏洞 (CVE-2017-14849)
Description:Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序,以及编写能够处理数万条且同时连接到一个物理机的连接代码。 Joyent Node.js 8.6.0之前的8.5.0版本中存在安全漏洞。远程攻击者可利用该漏洞访问敏感文件。
Description
Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
File Snapshot

 id: CVE-2017-14849

info:
  name: Node.js <8.6.0 - Directory Traversal
  author: Random_Robbie
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.