CVE-2018-3733 Information

Description

The crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of the URL, which allows a malicious user to read the content of any file with a known path.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82

https://hackerone.com/reports/310690

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
