Lucene search

CVE-2018-3732

🗓️ 07 Jun 2018 02:08:29Reported by hackeroneType

CVE-2018-3732 resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, allowing malicious file read

Reporter	Title	Published	Views	Family All 10
Prion	Path traversal	7 Jun 201802:29	–	prion
Hacker One	Node.js third-party modules: Path Traversal on Resolve-Path	13 Feb 201821:48	–	hackerone
Node.js	Path Traversal	20 Apr 201821:48	–	nodejs
OSV	Path Traversal in resolve-path	18 Jul 201821:20	–	osv
OSV	CVE-2018-3732	7 Jun 201802:29	–	osv
Veracode	Path Traversal	23 Feb 201802:43	–	veracode
NVD	CVE-2018-3732	7 Jun 201802:29	–	nvd
Github Security Blog	Path Traversal in resolve-path	18 Jul 201821:20	–	github
Cvelist	CVE-2018-3732	7 Jun 201802:00	–	cvelist
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software	10 Sep 202017:03	–	ibm

Nvd

Vulners

Node

resolve-path_project resolve-pathRange<1.4.0node.js

[
  {
    "product": "resolve-path node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "Versions before 1.4.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0
hackerone	www.hackerone.com/reports/315760

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Jun 2018 02:29Current

7.3High risk

Vulners AI Score7.3

CVSS25

CVSS37.5

EPSS0.00585

CWE-22