Improper Handling of URL Encoding (Hex Encoding)
CVE-2018-3718
Summary
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. This vulnerability affects versions prior to 6.5.2.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-177 - Improper Handling of URL Encoding (Hex Encoding)
The software does not properly handle when all or part of an input has been URL encoded.
References
Advisory Timeline
- Published