CVE-2018-3713 — Path Traversal in angular-http-server

Description

Affected versions of `angular-http-server` are vulnerable to path traversal allowing a remote attacker to read files from the server that uses `angular-http-server`. ## Recommendation Update to version 1.6.0 or later. :exclamation: Note: This was originally thought to be fixed in version 1.4.3, though according to [this issue](https://github.com/ossf-cve-benchmark/ossf-cve-benchmark/issues/117#issuecomment-803872454) the vulnerability was not completely fixed until version 1.6.0.

How to fix CVE-2018-3713

To remediate CVE-2018-3713, upgrade the affected package to a fixed version below.

—upgrade to 1.6.0 or later

Is CVE-2018-3713 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.6.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (6)

ADVISORYgithub.com/advisories/GHSA-4rvg-955w-h68q
ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-3713
WEBgithub.com/simonh1000/angular-http-server/commit/34d4bd0cd0f00c46db30855a8c4aabae27eb0ac8
WEBgithub.com/simonh1000/angular-http-server/pull/21