CVE-2018-3731 – public
Package
Manager: npm
Name: public
Vulnerable Version: >=0 <0.1.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0064 (percentile: 0.69641)
Details
Path Traversal in public

Versions of `public` before 0.1.3 are vulnerable to path traversal. The package does not sanitize file paths, which could allow a malicious user to read any file on the server that the parent process has access to.

## Recommendation

Update to version 0.1.3 or later.
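The missing file path sanitization described above comes down to a containment check before any file is opened. The following is an added example, not code from the `public` package or from the advisory; `safeJoin`, the `ROOT` path and the sample requests are assumptions made for illustration.

```javascript
// Added example: map a request URL path onto a document root and return
// null when the path would resolve outside that root (CWE-22).
// `safeJoin` is a hypothetical helper, not part of the `public` package.
function safeJoin(root, urlPath) {
  let decoded;
  try {
    // Decode once so %2e%2e%2f-style encodings are seen as "../".
    decoded = decodeURIComponent(urlPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL can truncate paths in native code

  const kept = [];
  // Split on both separators so "..\" is also caught on Windows hosts.
  for (const seg of decoded.split(/[\\/]+/)) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (kept.length === 0) return null; // would climb above the root
      kept.pop();
    } else {
      kept.push(seg); // "..hidden" is an ordinary file name, not a traversal
    }
  }
  const base = root.replace(/\/+$/, '');
  return kept.length ? base + '/' + kept.join('/') : base;
}

// Constructed sample requests; ROOT is an assumed deployment path.
const ROOT = '/srv/www/public';
const samples = [
  '/css/site.css',
  '/a/../index.html',
  '/../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/..%5c..%5csecret.txt',
  '/../public-secret/key.pem',
  '/..hidden',
  '/%zz',
];
for (const s of samples) {
  console.log(s.padEnd(28), '->', safeJoin(ROOT, s));
}
```

The check is purely lexical: a symlink inside the root can still point elsewhere, so a server that follows symlinks should also compare the `fs.realpath` result against the root before reading.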
Metadata
Created: 2018-07-18T21:20:30Z
Modified: 2023-01-31T01:37:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-rwv8-jvff-jq28/GHSA-rwv8-jvff-jq28.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-rwv8-jvff-jq28
Finding: F063
Auto approve: 1