CVE-2018-3744

Critical

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

hackerone·CWE-35·Published 2018-05-29

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

136 chars

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

NVDen

136 chars

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

Versions of `html-pages` before 2.1.0 are vulnerable to path traversal. ## Recommendation Update to version 2.1.0 or later.

GHSAen

126 chars

Versions of `html-pages` before 2.1.0 are vulnerable to path traversal. ## Recommendation Update to version 2.1.0 or later.

NVDes

143 chars

El módulo html-pages contiene vulnerabilidades de salto de directorio que permiten que un atacante lea cualquier archivo del servidor con cURL.

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H