dev-srv (>=0.1.3 <=0.3.1), gfm-srv (>=0.0.2 <=1.1.3) potentially affected by CVE-2018-3714 via node-srv (>=0.3.3 <=1.2.6)

node-srv NPM version =0.3.3, =0.1.3, =0.0.2, =1.1.3 Source cves: CVE-2018-3714 Source advisory: OSV:GHSA-52R9-G5G6-2HJP...

Path Traversal in node-srv

Versions of node-srv before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses node-srv. Recommendation Update to version 2.1.1 or later...

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

Path traversal

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path...

CVE-2018-3714

CVE-2018-3714 affects the Node.js module node-srv via a local file inclusion (path traversal) vulnerability caused by insufficient URL validation. An attacker can read arbitrary files on the server when serving content, as demonstrated across multiple sources (NVD entry, GHSA advisory, OpenVAS/Nu...

Path Traversal

Overview Versions of node-srv before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses node-srv. Recommendation Update to version 2.1.1 or later. References - HackerOne Report - GitHub Advisory...