GHSA-r4r9-mgjc-g6q3

Source

https://github.com/advisories/GHSA-r4r9-mgjc-g6q3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-r4r9-mgjc-g6q3/GHSA-r4r9-mgjc-g6q3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r4r9-mgjc-g6q3

Aliases

CVE-2018-3727

Published

2020-09-01T19:06:15Z

Modified

2023-11-08T04:00:17.549696Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Path Traversal in 626

Details

All versions of 626 are vulnerable to path traversal. This enables a remote attacker to read arbitrary files from the remote server using this module.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:28:44Z",
    "nvd_published_at": "2018-06-07T02:29:00Z",
    "severity": "HIGH"
}

References

Affected packages

npm / 626

Package

Name: 626; View open source insights on deps.dev
Purl: pkg:npm/626

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-r4r9-mgjc-g6q3/GHSA-r4r9-mgjc-g6q3.json"