Repository: one-man-company/skills-contextmanager
Commit: 955f766
Verdict: FAIL
Score: 0
Date: May 24, 2026

| Severity | Rule | Message | File:Line |
|---|---|---|---|
| HIGH | generic_path_traversal | Untrusted user input in createReadStream()/readFile()/readFileSync()/readFileAsync() can end up in Directory Traversal Attack. A Directory Traversal Attack (also known as Path Traversal Attack) is a type of security vulnerability that occurs when an attacker is able to access files or directories on a server that are outside the intended directory structure. This attack leverages insufficient validation or sanitization of user inputs in applications that interact with the file system. Strictly validate user inputs. Ensure that user-supplied paths do not include sequences like ../ or ..\\ that could traverse directories. In Node.js, use the path module to safely handle and resolve file paths. The path.normalize() function can be used to ensure that paths do not go outside the intended directory. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| HIGH | generic_path_traversal | Untrusted user input in createReadStream()/readFile()/readFileSync()/readFileAsync() can end up in Directory Traversal Attack. A Directory Traversal Attack (also known as Path Traversal Attack) is a type of security vulnerability that occurs when an attacker is able to access files or directories on a server that are outside the intended directory structure. This attack leverages insufficient validation or sanitization of user inputs in applications that interact with the file system. Strictly validate user inputs. Ensure that user-supplied paths do not include sequences like ../ or ..\\ that could traverse directories. In Node.js, use the path module to safely handle and resolve file paths. The path.normalize() function can be used to ensure that paths do not go outside the intended directory. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| HIGH | generic_path_traversal | Untrusted user input in createReadStream()/readFile()/readFileSync()/readFileAsync() can end up in Directory Traversal Attack. A Directory Traversal Attack (also known as Path Traversal Attack) is a type of security vulnerability that occurs when an attacker is able to access files or directories on a server that are outside the intended directory structure. This attack leverages insufficient validation or sanitization of user inputs in applications that interact with the file system. Strictly validate user inputs. Ensure that user-supplied paths do not include sequences like ../ or ..\\ that could traverse directories. In Node.js, use the path module to safely handle and resolve file paths. The path.normalize() function can be used to ensure that paths do not go outside the intended directory. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| HIGH | generic_path_traversal | Untrusted user input in createReadStream()/readFile()/readFileSync()/readFileAsync() can end up in Directory Traversal Attack. A Directory Traversal Attack (also known as Path Traversal Attack) is a type of security vulnerability that occurs when an attacker is able to access files or directories on a server that are outside the intended directory structure. This attack leverages insufficient validation or sanitization of user inputs in applications that interact with the file system. Strictly validate user inputs. Ensure that user-supplied paths do not include sequences like ../ or ..\\ that could traverse directories. In Node.js, use the path module to safely handle and resolve file paths. The path.normalize() function can be used to ensure that paths do not go outside the intended directory. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| HIGH | generic_path_traversal | Untrusted user input in createReadStream()/readFile()/readFileSync()/readFileAsync() can end up in Directory Traversal Attack. A Directory Traversal Attack (also known as Path Traversal Attack) is a type of security vulnerability that occurs when an attacker is able to access files or directories on a server that are outside the intended directory structure. This attack leverages insufficient validation or sanitization of user inputs in applications that interact with the file system. Strictly validate user inputs. Ensure that user-supplied paths do not include sequences like ../ or ..\\ that could traverse directories. In Node.js, use the path module to safely handle and resolve file paths. The path.normalize() function can be used to ensure that paths do not go outside the intended directory. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | join_resolve_path_traversal | Path constructed with user input can result in Path Traversal. Ensure that user input does not reach `join()` or `resolve()`. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | node_insecure_random_generator | crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | node_insecure_random_generator | crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |
| MEDIUM | node_insecure_random_generator | crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator. | one-man-company/skills-contextmanager/vulnerability-scanner-92dfb7f1/Skill-ContextManager/server.js:0 → |