exploitDog

CVE-2018-3744

Опубликовано: 29 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

Ссылки

https://github.com/danielcardoso/html-pages/issues/2
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/306607
Exploit
Issue Tracking
Third Party Advisory
https://github.com/danielcardoso/html-pages/issues/2
Issue Tracking
Third Party Advisory
https://hackerone.com/reports/306607
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:html-pages_project:html-pages:2.0.7:*:*:*:*:node.js:*:*

EPSS

Процентиль: 62%

0.00426

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-35

CWE-22

Связанные уязвимости

GHSA-fm87-46vv-jqrr

CVSS3: 9.8

github

больше 7 лет назад

Path Traversal in html-pages

EPSS

Процентиль: 62%

0.00426

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-35

CWE-22