CVE-2014-3744

Опубликовано: 23 окт. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

Ссылки

http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
http://www.securityfocus.com/bid/67389
Third Party Advisory
VDB Entry
https://github.com/isaacs/st
Third Party Advisory
https://nodesecurity.io/advisories/st_directory_traversal
Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/13/1
Mailing List
http://www.openwall.com/lists/oss-security/2014/05/15/2
Mailing List
http://www.securityfocus.com/bid/67389
Third Party Advisory
VDB Entry
https://github.com/isaacs/st
Third Party Advisory
https://nodesecurity.io/advisories/st_directory_traversal
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

Версия до 0.2.4 (включая)

EPSS

Процентиль: 98%

0.48753

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-69rr-wvh9-6c4q