CVE-2017-16192: Directory Traversal in getcityapi.yoehoehne
7.5
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.67306%
CWE
Published
7/23/2018
Updated
9/11/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
getcityapi.yoehoehne | npm | <= 0.0.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper path sanitization when processing user-controlled input (URL paths). While no explicit code is shown, the described behavior matches a common pattern in Node.js servers where request paths are directly mapped to filesystem paths. The lack of normalization/validation before passing to file I/O functions (like fs.readFile) creates the traversal vulnerability. The high confidence comes from the vulnerability's technical description matching this well-known anti-pattern, even without explicit code examples.