CVE-2017-16192: Directory Traversal in getcityapi.yoehoehne

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.67306%
Published: 7/23/2018
Updated: 9/11/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
getcityapi.yoehoehne | npm | <= 0.0.1 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper path sanitization when processing user-controlled input (URL paths). While no explicit code is shown, the described behavior matches a common pattern in Node.js servers where request paths are directly mapped to filesystem paths. The lack of normalization/validation before passing to file I/O functions (like fs.readFile) creates the traversal vulnerability. The high confidence comes from the vulnerability's technical description matching this well-known anti-pattern, even without explicit code examples.

WAF Protection Rules

WAF Rule

Affected versions of `getcityapi.yoehoehne` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the di