Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0cjktbWdqYy1nNnEz

Path Traversal in 626

All versions of 626 are vulnerable to path traversal. This enables a remote attacker to read arbitrary files from the remote server using this module.

Recommendation

No fix is currently available for this vulnerability.
It is our recommendation to not install or use this module at this time.

Permalink: https://github.com/advisories/GHSA-r4r9-mgjc-g6q3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0cjktbWdqYy1nNnEz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: over 1 year ago


CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Percentage: 0.00711
EPSS Percentile: 0.80248

Identifiers: GHSA-r4r9-mgjc-g6q3, CVE-2018-3727
References: Blast Radius: 1.0

Affected Packages

npm:626
Affected Version Ranges: >= 0.0.0
No known fixed version