Miggo Logo

CVE-2020-15779: Path Traversal in socket.io-file

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.6318%
Published
7/7/2020
Updated
1/9/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
socket.io-filenpm<= 2.0.31

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unsanitized use of the 'name' parameter in path.join() when handling file uploads. The advisory explicitly states the 'socket.io-file::createFile' message passes user-supplied 'name' directly to path.join() with uploadDir. Though exact function names aren't visible in provided sources, the core vulnerability manifests in the constructor's file handling logic that processes this message. The high confidence comes from multiple authoritative sources (CVE, GHSA, NVD) explicitly describing this mechanism as the vulnerability vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ll v*rsions o* `so*k*t.io-*il*` *r* vuln*r**l* to P*t* Tr*v*rs*l. T** p**k*** **ils to s*nitiz* us*r input *n* us*s it to **n*r*t* t** *il* uplo** p*t*s. T** `so*k*t.io-*il*::*r**t**il*` m*ss*** *ont*ins * `n*m*` option t**t is p*ss** *ir**tly to `p

Reasoning

T** vuln*r**ility st*ms *rom uns*nitiz** us* o* t** 'n*m*' p*r*m*t*r in `p*t*.join()` w**n **n*lin* *il* uplo**s. T** **visory *xpli*itly st*t*s t** 'so*k*t.io-*il*::*r**t**il*' m*ss*** p*ss*s us*r-suppli** 'n*m*' *ir**tly to `p*t*.join()` wit* `uplo