CVE-2018-3712

Summary

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

Affected Software

VendorProductVersion RangeStatus
HackerOneserve node moduleVersions before 6.4.9affected

Weaknesses

  • CWE-22: Path Traversal (CWE-22)

ADP Enrichment

CVE Program Container

Additional References

References