Skip to main content

Improper Handling of URL Encoding (Hex Encoding)

CVE-2018-3718

Severity Medium
Score 5.3/10

Summary

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. This vulnerability affects versions prior to 6.5.2.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-177 - Improper Handling of URL Encoding (Hex Encoding)

The software does not properly handle when all or part of an input has been URL encoded.

Advisory Timeline

  • Published