GHSA-rwv8-jvff-jq28

Опубликовано: 18 июл. 2018

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Path Traversal in public

Versions of public before 0.1.3 are vulnerable to path traversal. This is due to lack of file path sanitization which could lead to any file the parent process has access to on the server to be read by malicious user.

Recommendation

Update to version 0.1.3 or later.

Ссылки

Пакеты

Наименование

public

npm

Затронутые версииВерсия исправления

<= 0.1.2

0.1.3

EPSS

Процентиль: 58%

0.00362

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3731

Дефекты

CWE-22

Связанные уязвимости

CVE-2018-3731

CVSS3: 7.5

nvd

больше 7 лет назад

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

EPSS

Процентиль: 58%

0.00362

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3731

Дефекты

CWE-22