What is CVE-2018-3714?

CVE-2018-3714 is a vulnerability in Hackerone Node-srv Node Module, classified under Path Traversal. Published 2018-06-07.

Is CVE-2018-3714 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Hackerone Node-srv Node Module

CVE-2018-3714

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.726 (98.8th percentile) — read the EPSS interpretation.

Affected products

Hackerone Node-srv Node Module — versions All versions

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
d4n-sec/d4n-sec.github.io
merlinepedra/nuclei-templates
merlinepedra25/nuclei-templates
sobinge/nuclei-templates

References

hackerone.com/reports/309124 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-3714?: CVE-2018-3714 is a vulnerability in Hackerone Node-srv Node Module, classified under Path Traversal. Published 2018-06-07.
Is CVE-2018-3714 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.