What is CVE-2018-3712?

CVE-2018-3712 is a vulnerability in Hackerone Serve Node Module, classified under Path Traversal. Published 2018-06-07.

Is CVE-2018-3712 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Hackerone Serve Node Module

CVE-2018-3712

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.007 (72.0th percentile) — read the EPSS interpretation.

Affected products

Hackerone Serve Node Module — versions Versions before 6.4.9

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

ossf-cve-benchmark/CVE-2018-3712

References

github.com/zeit/serve/pull/316 (x_refsource_MISC)
hackerone.com/reports/307666 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-3712?: CVE-2018-3712 is a vulnerability in Hackerone Serve Node Module, classified under Path Traversal. Published 2018-06-07.
Is CVE-2018-3712 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.