CVE-2018-3733

描述

Versions of `crud-file-server` prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. ## Recommendation Upgrade to version 0.9.0 or later.

受影響套件(1)

• npm/crud-file-serverfrom 0, < 0.9.0

CVSS 分數

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-vfp9-gwrh-wq9g
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-3733
• WEBhttps://github.com/omphalos/crud-file-server/commit/4fc3b404f718abb789f4ce4272c39c7a138c7a82
• WEBhttps://hackerone.com/reports/310690
• WEBhttps://www.npmjs.com/advisories/1003