Path Traversal Vulnerability in Serve Node Module (before 6.4.9) Allows Unauthorized Directory Access

Path Traversal Vulnerability in Serve Node Module (before 6.4.9) Allows Unauthorized Directory Access

CVE-2018-3712 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

Learn more about our User Device Pen Test.