CVE-2018-3731

HIGH7.5EPSS 0.35%

Path Traversal in public

發布日:2018/7/18修改日:2023/11/8

描述

Versions of `public` before 0.1.3 are vulnerable to path traversal. This is due to lack of file path sanitization which could lead to any file the parent process has access to on the server to be read by malicious user. ## Recommendation Update to version 0.1.3 or later.

受影響套件(1)

npm/publicfrom 0, < 0.1.3

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-rwv8-jvff-jq28
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-3731
WEBhttps://github.com/tnantoka/public/commit/eae8ad8017b260f8667ded5e12801bd72b877af2
WEBhttps://hackerone.com/reports/312918
WEBhttps://www.npmjs.com/advisories/571