CVE-2018-3744
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-3744
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
路径遍历:’…/…//’
Source: NVD (National Vulnerability Database)
Vulnerability Title
html-pages node模块路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
html-pages node module是一款针对开发人员使用的http服务器。 html-pages node模块中存在路径遍历漏洞。攻击者可借助简单的cUR调用利用该漏洞读取服务器上的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| HackerOne | html-pages node module | Not fixed | - |
II. Public POCs for CVE-2018-3744
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-3744
请登录查看更多情报信息。
- https://github.com/danielcardoso/html-pages/issues/2x_refsource_MISC
- https://hackerone.com/reports/306607x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-3744
Same Patch Batch · HackerOne · 2018-05-29 · 50 CVEs total
| CVE-2016-10674 | limbus-buildgen 安全漏洞 | |
| CVE-2017-16003 | windows-build-tools 安全漏洞 | |
| CVE-2017-16062 | node-tkinter 安全漏洞 | |
| CVE-2017-16153 | gaoxuyan 路径遍历漏洞 | |
| CVE-2018-3733 | crud-file-server node模块路径遍历漏洞 | |
| CVE-2018-3734 | stattic node模块路径遍历漏洞 | |
| CVE-2018-3745 | Joyent Node.js atob 安全漏洞 | |
| CVE-2017-16061 | tkinter 安全漏洞 | |
| CVE-2016-10680 | adamvr-geoip-lite 安全漏洞 | |
| CVE-2016-10679 | selenium-standalone-painful 安全漏洞 | |
| CVE-2016-10681 | roslib-socketio 安全漏洞 | |
| CVE-2016-10666 | tomita-parser 安全漏洞 | |
| CVE-2016-10659 | poco 安全漏洞 | |
| CVE-2016-10658 | native-opencv 安全漏洞 | |
| CVE-2016-10650 | ntfserver 安全漏洞 | |
| CVE-2016-10635 | broccoli-closure 安全漏洞 | |
| CVE-2016-10627 | scala-bin 安全漏洞 | |
| CVE-2016-10611 | strider-sauce 安全漏洞 | |
| CVE-2016-10601 | webdrvr 安全漏洞 | |
| CVE-2016-10593 | ibapi 安全漏洞 |
Showing top 20 of 50 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same weakness: CWE-35
V. Comments for CVE-2018-3744
No comments yet