
CVE-2017-16156: Directory Traversal in myprolyz

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.67352%
Published: 9/1/2020
Updated: 9/11/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name: myprolyz
Ecosystem: npm
Vulnerable Versions: >= 0.0.0
First Patched Version: (none listed)

Vulnerability Intelligence
Root Cause Analysis

The provided information does not include specific code snippets, commit diffs, or file paths from the myprolyz package. While the vulnerability is clearly described (improper path resolution leading to directory traversal), identifying the exact vulnerable functions requires analyzing the package's implementation details, such as how user-supplied URLs are processed and resolved to filesystem paths. Without access to the actual codebase or specific examples of the path-resolution logic, it is not possible to pinpoint the exact functions with high confidence. The vulnerability likely resides in the logic that maps HTTP request paths to filesystem paths without proper sanitization or validation, but this remains an inference rather than a code-backed conclusion.
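
The analysis above infers that the flaw lies in mapping HTTP request paths to filesystem paths without validation. The following Node.js example is added here for illustration and is not code from myprolyz, whose source does not appear on this page; it contrasts that general pattern with a containment check. The names `naiveResolve` and `resolveInsideRoot` and the `/srv/site` root are hypothetical.

```javascript
const path = require('node:path');

// Unsafe pattern (hypothetical, for contrast): the decoded request path is
// joined to the root, so ".." segments can climb out of the served directory.
function naiveResolve(root, urlPath) {
  return path.join(root, decodeURIComponent(urlPath));
}

// Hardened mapping: returns an absolute path inside `root`, or null when the
// request must be rejected (the caller would answer 400/403).
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    // Drop the query string, then decode once so %2e%2e is seen as "..".
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes are never valid here

  const rootAbs = path.resolve(root);
  // Prefixing "." keeps a leading "/" from being treated as an absolute path.
  const candidate = path.resolve(rootAbs, '.' + path.sep + decoded);

  // Containment check on the resolved path, not on the raw input string.
  const rel = path.relative(rootAbs, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  // Note: symlinks inside root are not followed here; a server that must
  // defend against them would also compare fs.realpath() results.
  return candidate;
}

// Constructed sample requests against a constructed document root.
for (const p of ['/css/app.css', '/../secret.txt', '/%2e%2e/%2e%2e/etc/passwd']) {
  console.log(p, '->', resolveInsideRoot('/srv/site', p));
}
```

The check compares the resolved path against the root rather than filtering `..` out of the input, which is why encoded and nested variants are rejected by the same rule.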


WAF Protection Rules

WAF Rule

Affected versions of `myprolyz` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of
