
CVE-2017-16091: Directory Traversal in xtalk

CVSS Score: 7.5 (CVSS v3.0)

Basic Information

EPSS Score: 0.67352%
Published: 9/1/2020
Updated: 9/11/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
xtalk | npm | >= 0.0.2 |

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The provided vulnerability information does not include specific code snippets, file paths, or function names from the xtalk package. While the vulnerability mechanism (improper path sanitization in URL handling) is clear, the lack of source code access, commit diffs, or explicit function references in advisories makes it impossible to identify specific vulnerable functions with high confidence. Directory traversal vulnerabilities typically involve functions handling file system operations or request path resolution, but without concrete implementation details, we cannot reliably name specific functions or their locations.

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Affected versions of `xtalk` are vulnerable to directory traversal, allowing access to the filesystem by placing "../" in the URL.

**Example request:**

```http
GET /../../../../../../../../../../etc/passwd HTTP/1.1
Host: localhost
```

## Recommen
