Information Disclosure: Node ecstatic Internal Path - Exposure¶

Identifier: node_ecstatic_internal_path

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner	ASM Scanner

Description¶

Node ecstatic internal path exposure vulnerabilities can reveal sensitive file system paths that should not be publicly accessible.

How we test: We test for internal path exposure vulnerabilities in Node ecstatic by attempting to access internal paths and analyzing responses to detect if sensitive file system information is exposed.

Reference:

https://tripla.dk/2020/03/26/multiple-vulnerabilities-in-nodejs-ecstatic-http-server-http-party/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  node_ecstatic_internal_path:
    skip: false

Reference¶

`skip`¶

Type : boolean

Skip the test if true.