GHSA-vfp9-gwrh-wq9g

Source

https://github.com/advisories/GHSA-vfp9-gwrh-wq9g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-vfp9-gwrh-wq9g/GHSA-vfp9-gwrh-wq9g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vfp9-gwrh-wq9g

Aliases

CVE-2018-3733

Published

2018-07-18T21:20:19Z

Modified

2023-11-08T04:00:17.918898Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Path Traversal in crud-file-server

Details

Versions of crud-file-server prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.

Recommendation

Upgrade to version 0.9.0 or later.

Database specific

{
    "github_reviewed_at": "2020-06-16T21:57:36Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "nvd_published_at": "2018-05-29T20:29:00Z",
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

npm / crud-file-server

Package

Name: crud-file-server; View open source insights on deps.dev
Purl: pkg:npm/crud-file-server

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0