CVE-2020-15779: Path Traversal in socket.io-file
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.6318%
CWE
Published
7/7/2020
Updated
1/9/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
socket.io-file | npm | <= 2.0.31 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from unsanitized use of the 'name' parameter in path.join()
when handling file uploads. The advisory explicitly states the 'socket.io-file::createFile' message passes user-supplied 'name' directly to path.join()
with uploadDir
. Though exact function names aren't visible in provided sources, the core vulnerability manifests in the constructor's file handling logic that processes this message. The high confidence comes from multiple authoritative sources (CVE, GHSA, NVD) explicitly describing this mechanism as the vulnerability vector.