Lucene search

K
githubGitHub Advisory DatabaseGHSA-M2Q3-53FQ-7H66
HistoryAug 28, 2018 - 10:33 p.m.

Gollum Exposure of Sensitive Information

2018-08-2822:33:51
CWE-200
GitHub Advisory Database
github.com
7

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by leveraging the lack of a certain temporary-file check.

Affected configurations

Vulners
Node
github_advisory_databasegollumRange<4.0.1
CPENameOperatorVersion
gollumlt4.0.1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.4%

Related for GHSA-M2Q3-53FQ-7H66