CVE-2018-3730

EPSS 2.0%CWE-22

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

Affected products

HackerOne · mcstatic node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://hackerone.com/reports/312907