VDB
KO
HIGH 7.5

GHSA-cv3v-7846-6pxm

Unauthorized File Access in node-git-server

Details

Versions of `node-git-server` prior to 0.6.1 are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories.

## Recommendation

Upgrade to version 0.6.1 or later.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / node-git-server
Introduced in: 0.2.0 Fixed in: 0.6.1
Fix npm install node-git-server@0.6.1

References