HIGH 7.5
GHSA-cv3v-7846-6pxm
Unauthorized File Access in node-git-server
Details
Versions of `node-git-server` prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories.
## Recommendation
Upgrade to version 0.6.1 or later.
Are you affected?
Enter the version of the package you're using.
Affected packages
References
- https://github.com/gabrielcsapo/node-git-server/pull/62 [WEB]
- https://github.com/gabrielcsapo/node-git-server/commit/ac26650f69bc445d71e4f2c55328676d10a4be43 [WEB]
- https://github.com/gabrielcsapo/node-git-server/commit/fb8d62710e3d78c796e04a33fcff66cea3f212f3 [WEB]
- https://github.com/gabrielcsapo/node-git-server [PACKAGE]
- https://github.com/gabrielcsapo/node-git-server/blob/0.2.0/lib/git.js [WEB]
- https://github.com/gabrielcsapo/node-git-server/tree/0.1.0 [WEB]
- https://snyk.io/vuln/SNYK-JS-NODEGITSERVER-474343 [WEB]