GHSA-4rvg-955w-h68q

Published: 26 Jul 2018
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Path Traversal in angular-http-server

Affected versions of angular-http-server are vulnerable to path traversal allowing a remote attacker to read files from the server that uses angular-http-server.

Recommendation

Update to version 1.6.0 or later.

Note: This was originally thought to be fixed in version 1.4.3, though according to this issue the vulnerability was not completely fixed until version 1.6.0.

Packages

Name: angular-http-server (npm)
Affected versions: < 1.6.0
Fixed version: 1.6.0

EPSS

Percentile: 70%
0.0063
Low

6.5 Medium

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 6.5
nvd
more than 7 years ago

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
