CVE-2017-18355

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-18355

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18355.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-18355

Aliases

GHSA-vqmr-957g-r7w3

Published

2018-12-17T07:29:00Z

Modified

2025-01-15T00:01:33Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Installed packages are exposed by nodemodules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files.

References

Affected packages

Git / github.com/googlechrome/rendertron

Affected ranges

Type: GIT
Repo: https://github.com/googlechrome/rendertron
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8d70628c96ae72eff6eebb451d26fc9ed6b58b0e

Fixed

8d70628c96ae72eff6eebb451d26fc9ed6b58b0e