Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0cjktbWdqYy1nNnEz
Path Traversal in 626
All versions of 626 are vulnerable to path traversal. This enables a remote attacker to read arbitrary files from the remote server using this module.
Recommendation
No fix is currently available for this vulnerability.
It is our recommendation to not install or use this module at this time.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0cjktbWdqYy1nNnEz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: over 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00449
EPSS Percentile: 0.75532
Identifiers: GHSA-r4r9-mgjc-g6q3, CVE-2018-3727
References:
- https://hackerone.com/reports/311216
- https://nvd.nist.gov/vuln/detail/CVE-2018-3727
- https://github.com/advisories/GHSA-r4r9-mgjc-g6q3
Affected Packages
npm:626
Affected Version Ranges: >= 0.0.0
No known fixed version