### [CVE-2017-16198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16198)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

ritp is a static web server. ritp is vulnerable to a directory traversal issue whereby an attacker can gain access to the file system by placing ../ in the URL. Access is restricted to files with a file extension, so files such as /etc/passwd are not accessible.

### POC

#### Reference
- https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/ritp

#### Github
- https://github.com/ARPSyndicate/cvemon