Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Node.js path validation vulnerability - Vulnerability Database

Node.js path validation vulnerability

Description

Node.js version 8.5.0 included a change which caused a security vulnerability in the checks on paths made by some community modules. As a result, an attacker may be able to access file system paths other than those intended.

Version 8.5.0 of Node.js is vulnerable. 4.x and 6.x versions are NOT vulnerable.

Remediation

Upgrade to the latest version of Node.js. This vulnerability was fixed with the patch from September 2017.

References

Path validation vulnerability, September 2017

Related Vulnerabilities

ColdFusion directory traversal High
Common tags: Directory Traversal
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6) High
Common tags: Directory Traversal
WordPress Plugin WordPress Download Manager Directory Traversal (2.6.95) High
Common tags: Directory Traversal
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.0.0) High
Common tags: Directory Traversal
WordPress Plugin Advanced Dewplayer Directory Traversal (1.2) High
Common tags: Directory Traversal

Severity

High

Classification

CVE-2017-14849
CWE-22
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal