CVE-2018-3715
The CVE-2018-3715 entry is supported by multiple connected records showing a Path Traversal vulnerability in the npm package glance. Affected versions are before 3.0.9 (Red Hat/OSV notes) with related advisories indicating the root cause is lack of validation of the requested path, allowing a mal...
CVE-2018-3712
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path...
CVE-2018-3711
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...
CVE-2018-3713
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...
CVE-2018-3713
CVE-2018-3713 concerns a path-traversal in the node module angular-http-server caused by lack of validation of possibleFilename, allowing a remote attacker to read arbitrary files on the server. Public reports and advisories (GHSA-4RVG-955W-H68Q; OSV; CNVD; PRION; NVD) consistently identify angul...
CVE-2018-3714
CVE-2018-3714 affects the Node.js module node-srv via a local file inclusion (path traversal) vulnerability caused by insufficient URL validation. An attacker can read arbitrary files on the server when serving content, as demonstrated across multiple sources (NVD entry, GHSA advisory, OpenVAS/Nu...
CVE-2018-3720
The CVE-2018-3720 entry concerns the assign-deep Node.js module. Versions prior to 0.4.7 are affected by a prototype-pollution (MAID) vulnerability that lets an attacker modify Object.prototype via __proto__, enabling addition or modification of properties that propagate to all objects. Impact is de...
CVE-2018-3723
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3727
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3722
The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via __proto__ enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...
CVE-2018-3730
The CVE-2018-3730 entry concerns the mcstatic Node.js module, where a Path Traversal flaw arises from insufficient validation of the filePath, enabling reading of arbitrary server files. Public documents corroborate that all versions of mcstatic are affected and that exploitation is feasible via ...
CVE-2018-3711
CVE-2018-3711 affects the Fastify node module prior to 0.38.0. A vulnerability allows a denial-of-service by sending a request with Content-Type: application/json and a very large payload, potentially making the service unresponsive. The issue is triggered by processing large JSON payloads; no ex...
CVE-2018-3719
CVE-2018-3719 affects the Node.js module mixin-deep (versions before 1.3.1). The vulnerability is a prototype pollution (MAID) flaw that lets an attacker modify Object.prototype via __proto__, causing addition or modification of properties that exist on all objects. Affected versions are explicitly ...
CVE-2018-3731
CVE-2018-3731 affects the public Node.js module (versions prior to 0.1.3). The vulnerability stems from lack of validation/sanitization of filePath, enabling a path traversal attack that lets an attacker read arbitrary files on the server where the module runs. Impact is read access to files; no ...
PT-2018-16154 · Node.Js · Mcstatic
Name of the Vulnerable Software and Affected Versions: mcstatic versions all
Description: The mcstatic node module has a Path Traversal issue due to the lack of validation of the filePath, allowing a malicious user to read the content of any file with a known path.
Recommendations: For all...
PT-2018-16142 · Node.Js · Serve
Name of the Vulnerable Software and Affected Versions: serve node module affected versions not specified
Description: The issue is related to improper handling of URL encoding, allowing access to ignored files if a filename is URL encoded. This can potentially lead to unauthorized access to...
Path Traversal
node module suffers from a Path Traversal vulnerability due to lack of validation of files, which allows a malicious user to read content of any file with known path...
CVE-2017-0930
augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...