Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:45159
HistoryJan 24, 2024 - 2:03 p.m.

Path Traversal

2024-01-2414:03:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
path traversal
node server
string validation
request url
arbitrary files
static server

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON

@hono/node-server is vulnerable to Path Traversal. The vulnerability is due to improper url string validation in src/request.ts, allowing an attacker to use .. in the request URL to access arbitrary files on the static server.

Related

osv 2
cvelist 1
prion 1
nvd 1
github 1
cve 1
osv
osv
@hono/node-server cannot handle "double dots" in URL
2024-01-23 14:42:51
CVE-2024-23340
2024-01-22 23:15:08
cvelist
cvelist
CVE-2024-23340 @hono/node-server can't handle "double dots" in URL
2024-01-22 23:00:34
prion
prion
Design/Logic Flaw
2024-01-22 23:15:00
nvd
nvd
CVE-2024-23340
2024-01-22 23:15:08
github
github
@hono/node-server cannot handle "double dots" in URL
2024-01-23 14:42:51
cve
cve
CVE-2024-23340
2024-01-22 23:15:08

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.6%

JSON
Related for VERACODE:45159
osv2cvelist1prion1nvd1github1cve1