Moderate severity · NVD Advisory · Published Jun 7, 2018 · Updated Sep 17, 2024
CVE-2018-3712
Description
The serve Node module before 6.4.9 suffers from a path traversal vulnerability: it does not handle the encoded characters %2e (.) and %2f (/) and allows them in paths, which lets a malicious user view the contents of any directory with a known path.
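The check-before-decode ordering that the description points to, shown beside a decode-then-normalise resolver. This is an added example, not code from serve; `ROOT`, `normalizeSegments`, `resolveWeak` and `resolveSafe` are hypothetical names, and the request paths are constructed.

```javascript
// Added illustration, not serve's code. ROOT and all function names are hypothetical.
const ROOT = '/srv/public';

// Collapse "." and ".." segments; return null if the path climbs above its start.
function normalizeSegments(p) {
  const out = [];
  for (const seg of p.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out;
}

// Weak ordering: the ".." check runs on the raw path, decoding happens afterwards,
// so %2e%2e and %2f reach the file-system lookup as "../".
function resolveWeak(rawPath) {
  if (rawPath.split('/').includes('..')) return null;
  const decoded = decodeURIComponent(rawPath);
  const segs = normalizeSegments(ROOT + '/' + decoded);
  return segs === null ? null : '/' + segs.join('/');
}

// Hardened ordering: decode once, normalise relative to the root, and reject
// anything that would climb out of it.
function resolveSafe(rawPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-escape
  }
  if (decoded.includes('\0')) return null;
  const segs = normalizeSegments(decoded.replace(/\\/g, '/'));
  if (segs === null) return null;
  return segs.length ? ROOT + '/' + segs.join('/') : ROOT;
}

// Constructed request paths.
for (const p of ['/css/%2e%2e/index.html', '/%2e%2e/%2e%2e/etc/passwd', '/..%2f..%2fetc/passwd']) {
  console.log(p, '| weak:', resolveWeak(p), '| safe:', resolveSafe(p));
}
```

Because `resolveSafe` decodes exactly once, a double-encoded segment such as `%252e%252e` stays a literal file name rather than becoming `..`.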
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| serve (npm) | < 6.4.9 | 6.4.9 |
Affected products
- Range: Versions before 6.4.9
References
- github.com/advisories/GHSA-q2qh-cgc2-qhr3 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-3712 (ghsa, ADVISORY)
- github.com/vercel/serve/commit/6adad6881c61991da61ebc857857c53409544575 (ghsa, WEB)
- github.com/zeit/serve/pull/316 (ghsa, x_refsource_MISC, WEB)
- hackerone.com/reports/307666 (ghsa, x_refsource_MISC, WEB)