Directory Traversal Vulnerability in st Module for Node.js
CVE-2014-3744

7.5HIGH

Key Information:

Vendor: Nodejs
Status: Node.js
Vendor: CVE Published:; 23 October 2017

What is CVE-2014-3744?

The st module for Node.js, prior to version 0.2.5, is vulnerable to a directory traversal issue. This vulnerability allows attackers to exploit path traversal sequences, such as encoded dot segments (%2e%2e), to read arbitrary files on the server. If successfully exploited, this could result in sensitive information leakage, exposing critical application data or configuration files that should remain secure.

References

http://www.openwall.com/lists/oss-security/2014/05/15/2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2014/05/13/1

mailing-listx_refsource_MLIST

https://github.com/isaacs/st

x_refsource_CONFIRM

EPSS Score

48% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2017
Vulnerability Reserved
May 14, 2014

Nodejs

What is CVE-2014-3744?

References

EPSS Score

CVSS V3.1

Timeline