CVE-2017-16038
HIGHf2e-server < 1.12.11 - Path Traversal via URL Manipulation
Title source: llmDescription
`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/shy2850/node-server/issues/10
Patch x_refsource_misc
https://github.com/shy2850/node-server/pull/12/files
Third Party Advisory x_refsource_misc
https://nodesecurity.io/advisories/346
Scores
CVSS v3
7.5
EPSS
0.0254
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
f2e-server_project/f2e-server
< 1.12.11
npm/f2e-server
0 - 1.12.12npm
Published
Jun 04, 2018
Tracked Since
Feb 18, 2026