Vulnerability in Hackerone Serve Node Module

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

EPSS: 0.002 (47.7th percentile) — read the EPSS interpretation.

Affected products

Hackerone Serve Node Module — versions All versions

Weakness classification (CWE)

CWE-177

Public proof-of-concept exploits

ossf-cve-benchmark/CVE-2018-3718

References

hackerone.com/reports/308721 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-3718?: CVE-2018-3718 is a vulnerability in Hackerone Serve Node Module, classified under CWE-177. Published 2018-06-07.
Is CVE-2018-3718 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.