GHSA-w4pv-w56c-mg4v

Опубликовано: 18 июл. 2018

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Path Traversal in stattic

Versions of stattic before 0.3.0 are vulnerable to path traversal allowing a remote attacker to read arbitrary files with any extension from the server that users stattic.

Recommendation

Update to version 0.3.0 or later.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2018-3734
https://hackerone.com/reports/319003
https://github.com/advisories/GHSA-w4pv-w56c-mg4v
https://www.npmjs.com/advisories/591

Пакеты

Наименование

stattic

npm

Затронутые версииВерсия исправления

< 0.3.0

0.3.0

EPSS

Процентиль: 68%

0.00565

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3734

Дефекты

CWE-22

Связанные уязвимости

CVE-2018-3734

CVSS3: 7.5

nvd

больше 7 лет назад

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.

EPSS

Процентиль: 68%

0.00565

Низкий

7.5 High

CVSS3

CVE ID

CVE-2018-3734

Дефекты

CWE-22