Lucene search

[email protected]CVE-2023-46496

HistoryDec 08, 2023 - 8:15 p.m.

CVE-2023-46496

2023-12-0820:15:07

CWE-22

[email protected]

web.nvd.nist.gov

cve-2023-46496

directory traversal

evershop

npm

remote attacker

sensitive information

crafted request

delete function

api

files endpoint

vulnerability

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

Affected configurations

NVD

Node

evershopevershopMatch1.0.0betanode.js

evershopevershopMatch1.0.0beta1node.js

evershopevershopMatch1.0.0beta2node.js

evershopevershopMatch1.0.0beta3node.js

evershopevershopMatch1.0.0beta4node.js

evershopevershopMatch1.0.0beta5node.js

evershopevershopMatch1.0.0rc1node.js

evershopevershopMatch1.0.0rc2node.js

evershopevershopMatch1.0.0rc3node.js

evershopevershopMatch1.0.0rc5node.js

evershopevershopMatch1.0.0rc6node.js

evershopevershopMatch1.0.0rc7node.js

CPENameOperatorVersion
evershop:evershopevershopeq1.0.0

CPE	Name	Operator	Version
evershop:evershop	evershop	eq	1.0.0

References

devhub.checkmarx.com/cve-details/CVE-2023-46496/

devhub.checkmarx.com/cve-details/Cx943be66a-54cc/

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.4%

JSON

Related for CVE-2023-46496

prion1 cvelist1 nvd1 github1 osv1