Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46043
HistoryMar 27, 2024 - 1:47 p.m.

Path Traversal

2024-03-2713:47:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
78
path traversal
vulnerability
webpack-dev-middleware
unauthorized access
manipulated urls

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%

webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer’s machine by manipulating the URL with specific encoded sequences such as %2e or %2f.

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.0%