CVE-2020-36651
Path Traversal in web-node-server
7.5
HIGH
CVSS 3.1
EPSS 0.33%
Description
A vulnerability has been found in youngerheart nodeserver and classified as critical. Affected by this vulnerability is an unknown functionality of the file nodeserver.js. The manipulation leads to path traversal. The name of the patch is c4c0f0138ab5afbac58e03915d446680421bde28. It is recommended to apply a patch to fix this issue. The identifier VDB-218461 was assigned to this vulnerability.
How to fix CVE-2020-36651
To remediate CVE-2020-36651, upgrade the affected package to a fixed version below.
- —upgrade to 0.0.11 or later
Is CVE-2020-36651 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.0.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |