CVE-2017-16091: Directory Traversal in xtalk
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.67352%
CWE
Published
9/1/2020
Updated
9/11/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
xtalk | npm | >= 0.0.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information does not include specific code snippets, file paths, or function names from the xtalk package. While the vulnerability mechanism (improper path sanitization in URL handling) is clear, the lack of source code access, commit diffs, or explicit function references in advisories makes it impossible to identify specific vulnerable functions with high confidence. Directory traversal vulnerabilities typically involve functions handling file system operations or request path resolution, but without concrete implementation details, we cannot reliably name specific functions or their locations.