PT-2018-16157 · Unknown · Crud-File-Server

·

CVE-2018-3733

·

Published

2018-05-29

·

Updated

2023-02-28

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions crud-file-server versions prior to 0.9.0
Description The issue arises from incorrect validation of URLs, allowing a malicious user to read the content of any file with a known path due to a Path Traversal vulnerability. This is because the package fails to sanitize URLs, enabling attackers to access server files outside of the served folder using relative paths.
Recommendations Upgrade to version 0.9.0 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2018-3733
GHSA-VFP9-GWRH-WQ9G

Affected Products

Crud-File-Server