resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
References
Link | Resource |
---|---|
https://hackerone.com/reports/315760 | Exploit Third Party Advisory |
https://github.com/pillarjs/resolve-path/commit/fe5b8052cafd35fcdafe9210e100e9050b37d2a0 | Patch Third Party Advisory |
Configurations
Information
Published : 2018-06-06 19:29
Updated : 2023-02-28 09:49
NVD link : CVE-2018-3732
Mitre link : CVE-2018-3732
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
resolve-path_project
- resolve-path