CVE-2018-3732

The CVE-2018-3732 issue affects the resolve-path Node.js module prior to version 1.4.0. It suffers from a path traversal vulnerability due to insufficient validation of certain special-character paths, enabling a malicious user to read contents of files at known paths. Public reports across NVD, ...

PT-2018-16156 · Node · Resolve-Path

Name of the Vulnerable Software and Affected Versions: resolve-path versions prior to 1.4.0 Description: The issue arises from a lack of validation of paths containing certain special characters in the resolve-path node module, allowing a malicious user to read the content of any file with a know...

Path Traversal

Overview Versions of resolve-path before 1.4.0 are vulnerable to path traversal. resolve-path relative path resolving suffers from a lack of file path sanitization for windows based paths. Recommendation Update to version 1.4.0 or later. References - HackerOne Report - GitHub Advisory...

Path Traversal

resolve-path is vulnerable path traversal attacks. A malicious user can access areas outside of the intended target directory by using a url containing ../...

Node.js third-party modules: Path Traversal on Resolve-Path

The author of resolve-path told me that I can submit this to here. The vulnerability already reported to the author and got a fixed! Module module name: resolve-path version: 1.3.3 npm page: https://www.npmjs.com/package/resolve-path Description Resolve a relative path against a root path with...