GHSA-3hvm-hgpw-rx4j

Source
https://github.com/advisories/GHSA-3hvm-hgpw-rx4j
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-3hvm-hgpw-rx4j/GHSA-3hvm-hgpw-rx4j.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3hvm-hgpw-rx4j
Aliases
  • CVE-2018-16475
Published
2018-11-06T23:11:10Z
Modified
2023-11-08T04:00:00.069813Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Path Traversal in knightjs
Details

All versions of knightjs are vulnerable to Path Traversal.

This vulnerability allows an attacker to read the contents of arbitrary files on the server due to a lack of input validation.

Recommendation

As there is currently no fix for this module, we recommend not using it in production environments.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2020-06-16T20:55:20Z",
    "github_reviewed": true,
    "severity": "HIGH"
}
References

Affected packages

npm / knightjs

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.0.1

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-3hvm-hgpw-rx4j/GHSA-3hvm-hgpw-rx4j.json"