High severity7.5NVD Advisory· Published Oct 23, 2017· Updated May 13, 2026

CVE-2014-3744

Description

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
stnpm	< 0.2.5	0.2.5

Affected products

Node.js/Node.js
cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*
Range: <=0.2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/67389nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-69rr-wvh9-6c4qghsaADVISORY
nodesecurity.io/advisories/st_directory_traversalnvdThird Party Advisory
nvd.nist.gov/vuln/detail/CVE-2014-3744ghsaADVISORY
www.openwall.com/lists/oss-security/2014/05/13/1nvdMailing ListWEB
www.openwall.com/lists/oss-security/2014/05/15/2nvdMailing ListWEB
www.npmjs.com/advisories/36ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.063
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000