CVE-2018-3715
The CVE-2018-3715 entry is supported by multiple connected records showing a Path Traversal vulnerability in the npm package glance. Affected versions are before 3.0.9 (Red Hat/OSV notes) with related advisories indicating the root cause is lack of validation of the requested path, allowing a mal...
CVE-2018-3712
CVE-2018-3712 affects the Node.js package named “serve” and its static file serving behavior. Versions prior to 6.4.9 fail to properly filter the characters %2e (.) and %2f (/), allowing them in paths and enabling a path-traversal that can list directory contents. The core impact described across...
CVE-2018-3722
The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via __proto__ enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...
CVE-2018-3718
CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...
CVE-2018-3716
CVE-2018-3716 affects the simplehttpserver Node.js module. The vulnerability is a stored XSS in directory listings caused by lack of validation/sanitization of file names fed into HTML output. Exploitation requires an attacker-controlled filename in the listing; the XSS payload is reflected in th...
CVE-2018-3724
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...
CVE-2018-3713
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...
CVE-2018-3712
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path...
CVE-2018-3725
CVE-2018-3725 describes a path-traversal vulnerability in the Node.js module hekto. The issue arises from inadequate validation of the requested file path, allowing a remote attacker to read arbitrary files on a server running hekto (e.g., via crafted URLs with traversal sequences). Several conn...
CVE-2018-3723
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3713
CVE-2018-3713 concerns a path-traversal in the node module angular-http-server caused by lack of validation of possibleFilename, allowing a remote attacker to read arbitrary files on the server. Public reports and advisories (GHSA-4RVG-955W-H68Q; OSV; CNVD; PRION; NVD) consistently identify angul...
CVE-2018-3720
The CVE-2018-3720 entry concerns the assign-deep Node.js module. Versions prior to 0.4.7 are affected by a prototype-pollution (MAID) vulnerability that lets an attacker modify Object.prototype via __proto__, enabling addition or modification of properties that propagate to all objects. Impact is de...
CVE-2018-3732
The CVE-2018-3732 issue affects the resolve-path Node.js module prior to version 1.4.0. It suffers from a path traversal vulnerability due to insufficient validation of certain special-character paths, enabling a malicious user to read contents of files at known paths. Public reports across NVD, ...
CVE-2018-3727
Summary: CVE-2018-3727 affects the 626 Node.js module. All versions are vulnerable to path traversal due to lack of validation of requested file paths, allowing a remote attacker to read arbitrary files on the server hosting the module. Several connected sources (GHSA, OSV, CNVD, CN) corroborate ...
CVE-2018-3714
CVE-2018-3714 affects the Node.js module node-srv via a local file inclusion (path traversal) vulnerability caused by insufficient URL validation. An attacker can read arbitrary files on the server when serving content, as demonstrated across multiple sources (NVD entry, GHSA advisory, OpenVAS/Nu...
CVE-2018-3711
CVE-2018-3711 affects the Fastify node module prior to 0.38.0. A vulnerability allows a denial-of-service by sending a request with Content-Type: application/json and a very large payload, potentially making the service unresponsive. The issue is triggered by processing large JSON payloads; no ex...
PT-2018-16142 · Node.js · Serve
Name of the Vulnerable Software and Affected Versions: serve node module (affected versions not specified). Description: The issue is related to improper handling of URL encoding, allowing access to ignored files if a filename is URL encoded. This can potentially lead to unauthorized access to...
PT-2018-16154 · Node.js · Mcstatic
Name of the Vulnerable Software and Affected Versions: mcstatic (all versions). Description: The mcstatic node module has a Path Traversal issue due to the lack of validation of the filePath, allowing a malicious user to read the content of any file with a known path. Recommendations: For all...
Path Traversal
node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path...
CVE-2017-0930
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...