CVE-2018-3731

HIGH7.5EPSS 0.35%

Path Traversal in public

Published: 7/18/2018Modified: 11/8/2023

Description

Versions of `public` before 0.1.3 are vulnerable to path traversal. This is due to lack of file path sanitization which could lead to any file the parent process has access to on the server to be read by malicious user. ## Recommendation Update to version 0.1.3 or later.

Affected packages (1)

npm/publicfrom 0, < 0.1.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (5)

ADVISORYhttps://github.com/advisories/GHSA-rwv8-jvff-jq28
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-3731
WEBhttps://github.com/tnantoka/public/commit/eae8ad8017b260f8667ded5e12801bd72b877af2
WEBhttps://hackerone.com/reports/312918
WEBhttps://www.npmjs.com/advisories/571