
    12 vulnerabilities found for serve by zeit

    VAR-201806-1519

    Vulnerability from variot - Updated: 2024-11-23 22:41

    The serve Node.js module before 6.4.9 suffers from a path traversal vulnerability (CWE-22): it does not handle the URL-encoded characters %2e (.) and %2f (/) and allows them in request paths, which lets a malicious user view the contents of any directory whose path is known. The serve node module contains a path traversal vulnerability. Information may be obtained. Serve is a static file server that is primarily used to deploy local single-page applications or static files. A path traversal vulnerability exists in versions of serve prior to 6.4.9 because the program fails to adequately filter the %2e (.) and %2f (/) characters in the URL. The record below references zeit/serve pull request #316 ("Scope to working directory correctly") as the patch; deployments should run 6.4.9 or later.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1519",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "serve",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "zeit",
            "version": "6.4.9"
          },
          {
            "model": "serve",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "serve",
            "version": "6.4.9"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "2.4.0"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "3.2.8"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "2.3.0"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "3.2.5"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "3.2.9"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "2.1.2"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "2.4.1"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "2.2.0"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "3.2.7"
          },
          {
            "model": "serve",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "zeit",
            "version": "3.2.6"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:zeit:serve",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          }
        ]
      },
      "cve": "CVE-2018-3712",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-3712",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-11967",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-3712",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-3712",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-3712",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-11967",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-429",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. serve node The module contains a path traversal vulnerability.Information may be obtained. Serve is a static file server that is primarily used to deploy local single-page applications or static files. A path traversal vulnerability exists in versions prior to serve6.4.9 that caused the program to fail to adequately filter the %2e(.) and %2f(/) characters in the url",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-3712",
            "trust": 3.0
          },
          {
            "db": "HACKERONE",
            "id": "307666",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "id": "VAR-201806-1519",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:41:49.021000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Scope to working directory correctly #316",
            "trust": 0.8,
            "url": "https://github.com/zeit/serve/pull/316"
          },
          {
            "title": "Serve path traversal vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/132533"
          },
          {
            "title": "serve Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80695"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.2,
            "url": "https://github.com/zeit/serve/pull/316"
          },
          {
            "trust": 1.6,
            "url": "https://hackerone.com/reports/307666"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3712"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3712"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "date": "2018-06-07T02:29:07.897000",
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006231"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          },
          {
            "date": "2024-11-21T04:05:55.840000",
            "db": "NVD",
            "id": "CVE-2018-3712"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Serve path traversal vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11967"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-429"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201806-1525

    Vulnerability from variot - Updated: 2024-11-23 22:17

    The serve Node.js module suffers from improper handling of URL encoding: it permits access to ignored files if the filename in the request is URL-encoded. The serve node module contains a data processing vulnerability. Information may be obtained. Serve is an HTTP server for deploying single-page applications. An attacker could exploit the vulnerability to reveal information using a directory listing. The record below lists zeit serve versions before 6.5.2 as affected.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201806-1525",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "serve",
            "scope": null,
            "trust": 1.4,
            "vendor": "serve",
            "version": null
          },
          {
            "model": "serve",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "zeit",
            "version": "6.5.2"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:serve_project:serve",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          }
        ]
      },
      "cve": "CVE-2018-3718",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-3718",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-11980",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-3718",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-3718",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-3718",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-3718",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-11980",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201806-423",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. serve node The module contains a data processing vulnerability.Information may be obtained. Serve is an HTTP server for deploying single-page applications. An attacker could exploit the vulnerability to reveal information using a directory listing",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-3718",
            "trust": 3.0
          },
          {
            "db": "HACKERONE",
            "id": "308721",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "id": "VAR-201806-1525",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:17:27.502000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "serve",
            "trust": 0.8,
            "url": "https://github.com/zeit/serve#readme"
          },
          {
            "title": "Serve information disclosure vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/132689"
          },
          {
            "title": "serve Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80690"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-177",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-19",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.0,
            "url": "https://hackerone.com/reports/308721"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3718"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3718"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "date": "2018-06-06T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "date": "2018-06-07T02:29:08.190000",
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-06-25T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-11980"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          },
          {
            "date": "2024-11-21T04:05:56.567000",
            "db": "NVD",
            "id": "CVE-2018-3718"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "serve node Module data processing vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-006189"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201806-423"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2019-5417 (GCVE-0-2019-5417)

    Vulnerability from nvd – Published: 2019-03-17 19:24 – Updated: 2024-08-04 19:54
    Summary
    A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal (Local File Inclusion)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/358645 x_refsource_MISC
    Impacted products
    Vendor Product Version
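    n/a serve Affected: Fixed Version 7.1.3 (the record's version field holds the literal text "Fixed Version 7.1.3" under status "affected"; read together with the summary, 7.0.1 is the version described as vulnerable and 7.1.3 appears to be the fixed release)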
    Date Public
    2018-07-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:54:53.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/358645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed Version 7.1.3"
                }
              ]
            }
          ],
          "datePublic": "2018-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal (Local File Inclusion)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-17T19:24:24.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/358645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2019-5417",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed Version 7.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal (Local File Inclusion)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/358645",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/358645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2019-5417",
        "datePublished": "2019-03-17T19:24:24.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:54:53.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5415 (GCVE-0-2019-5415)

    Vulnerability from nvd – Published: 2019-03-17 19:28 – Updated: 2024-08-04 19:54
    Summary
    A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
    Severity
    No CVSS data available.
    CWE
    • CWE-548 - Information Exposure Through Directory Listing (CWE-548)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/330724 x_refsource_MISC
    Impacted products
    Vendor Product Version
    n/a serve Affected: 7.0.0
    Date Public
    2018-05-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:54:53.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/330724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-548",
                  "description": "Information Exposure Through Directory Listing (CWE-548)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-17T19:28:37.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/330724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2019-5415",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Through Directory Listing (CWE-548)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/330724",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/330724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2019-5415",
        "datePublished": "2019-03-17T19:28:37.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:54:53.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3718 (GCVE-0-2018-3718)

    Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-16 20:36
    Summary
    serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
    Severity
    No CVSS data available.
    CWE
    • CWE-177 - Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/308721 x_refsource_MISC
    Impacted products
    Vendor Product Version
    HackerOne serve node module Affected: All versions
    Date Public
    2018-04-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/308721"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-177",
                  "description": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/308721"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2018-3718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/308721",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/308721"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3718",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:36:21.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3712 (GCVE-0-2018-3712)

    Vulnerability from nvd – Published: 2018-06-07 02:00 – Updated: 2024-09-17 00:05
    Summary
    serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Path Traversal (CWE-22)
    Assigner
    References
    Impacted products
    Vendor Product Version
    HackerOne serve node module Affected: Versions before 6.4.9
    Date Public
    2018-04-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zeit/serve/pull/316"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/307666"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions before 6.4.9"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal (CWE-22)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zeit/serve/pull/316"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/307666"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2018-3712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions before 6.4.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal (CWE-22)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/zeit/serve/pull/316",
                  "refsource": "MISC",
                  "url": "https://github.com/zeit/serve/pull/316"
                },
                {
                  "name": "https://hackerone.com/reports/307666",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/307666"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3712",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:56.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3809 (GCVE-0-2018-3809)

    Vulnerability from nvd – Published: 2018-06-01 19:00 – Updated: 2024-09-17 00:52
    Summary
    Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/330650 x_refsource_MISC
    Date Public
    2018-05-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:22.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/330650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/330650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-3809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/330650",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/330650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3809",
        "datePublished": "2018-06-01T19:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:52:19.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5415 (GCVE-0-2019-5415)

    Vulnerability from cvelistv5 – Published: 2019-03-17 19:28 – Updated: 2024-08-04 19:54
    VLAI
    Summary
    A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
    Severity
    No CVSS data available.
    CWE
    • CWE-548 - Information Exposure Through Directory Listing (CWE-548)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/330724 x_refsource_MISC
    Impacted products
    Vendor Product Version
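    n/a serve Affected: 7.0.0 (note: the summary above names serve 6.5.3, while the record's affected-version field lists 7.0.0; check both when matching installed versions)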
    Date Public
    2018-05-30 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:54:53.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/330724"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.0.0"
                }
              ]
            }
          ],
          "datePublic": "2018-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-548",
                  "description": "Information Exposure Through Directory Listing (CWE-548)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-17T19:28:37.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/330724"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2019-5415",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Exposure Through Directory Listing (CWE-548)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/330724",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/330724"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2019-5415",
        "datePublished": "2019-03-17T19:28:37.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:54:53.375Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-5417 (GCVE-0-2019-5417)

    Vulnerability from cvelistv5 – Published: 2019-03-17 19:24 – Updated: 2024-08-04 19:54
    VLAI
    Summary
    A path traversal vulnerability in serve npm package version 7.0.1 allows attackers to read the content of arbitrary files on the remote server.
    Severity
    No CVSS data available.
    CWE
    • Directory Traversal (Local File Inclusion)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/358645 x_refsource_MISC
    Impacted products
    Vendor Product Version
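    n/a serve Affected: Fixed Version 7.1.3 (note: the record stores the string "Fixed Version 7.1.3" in its affected-version field with status "affected", while the summary names 7.0.1 as the vulnerable version; automated version matching on this field is unreliable)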
    Date Public
    2018-07-02 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:54:53.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/358645"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Fixed Version 7.1.3"
                }
              ]
            }
          ],
          "datePublic": "2018-07-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory Traversal (Local File Inclusion)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-17T19:24:24.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/358645"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2019-5417",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Fixed Version 7.1.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory Traversal (Local File Inclusion)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/358645",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/358645"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2019-5417",
        "datePublished": "2019-03-17T19:24:24.000Z",
        "dateReserved": "2019-01-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T19:54:53.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3718 (GCVE-0-2018-3718)

    Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-16 20:36
    VLAI
    Summary
    serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
    Severity
    No CVSS data available.
    CWE
    • CWE-177 - Improper Handling of URL Encoding (Hex Encoding) (CWE-177)
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/308721 x_refsource_MISC
    Impacted products
    Vendor Product Version
    HackerOne serve node module Affected: All versions
    Date Public
    2018-04-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.645Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/308721"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-177",
                  "description": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/308721"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2018-3718",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Handling of URL Encoding (Hex Encoding) (CWE-177)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/308721",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/308721"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3718",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:36:21.693Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3712 (GCVE-0-2018-3712)

    Vulnerability from cvelistv5 – Published: 2018-06-07 02:00 – Updated: 2024-09-17 00:05
    VLAI
    Summary
    serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with a known path.
    Severity
    No CVSS data available.
    CWE
    • CWE-22 - Path Traversal (CWE-22)
    Assigner
    References
    Impacted products
    Vendor Product Version
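    HackerOne serve node module Affected: Versions before 6.4.9 (note: the vendor field appears to hold the assigning CNA's name; the record's own reference points to github.com/zeit/serve)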
    Date Public
    2018-04-26 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:50:30.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/zeit/serve/pull/316"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/307666"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "serve node module",
              "vendor": "HackerOne",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions before 6.4.9"
                }
              ]
            }
          ],
          "datePublic": "2018-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "Path Traversal (CWE-22)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-07T01:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zeit/serve/pull/316"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/307666"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-04-26T00:00:00",
              "ID": "CVE-2018-3712",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "serve node module",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Versions before 6.4.9"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "HackerOne"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Path Traversal (CWE-22)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/zeit/serve/pull/316",
                  "refsource": "MISC",
                  "url": "https://github.com/zeit/serve/pull/316"
                },
                {
                  "name": "https://hackerone.com/reports/307666",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/307666"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3712",
        "datePublished": "2018-06-07T02:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:05:56.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-3809 (GCVE-0-2018-3809)

    Vulnerability from cvelistv5 – Published: 2018-06-01 19:00 – Updated: 2024-09-17 00:52
    VLAI
    Summary
    Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when those directories and files have been set to be ignored.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://hackerone.com/reports/330650 x_refsource_MISC
    Date Public
    2018-05-31 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:57:22.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/330650"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-05-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-01T18:57:01.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/330650"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "DATE_PUBLIC": "2018-05-31T00:00:00",
              "ID": "CVE-2018-3809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/330650",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/330650"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2018-3809",
        "datePublished": "2018-06-01T19:00:00.000Z",
        "dateReserved": "2017-12-28T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:52:19.326Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }