CVE-2018-3727

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.

Published : 2018-06-07 02:29 Updated : 2019-10-09 23:40

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
626 Project 626 1.1.1 cpe:/a:626_project:626:1.1.1::~~~node.js~~
  1. 626 Project (1) Search CVE
    1. 626 (1) Search CVE
      1. 1.1.1

CWE

ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

Reference

History of changes

Date Event
2018-07-20 18:14
2018-06-07 02:29

New CVE