HIGHCVE-2018-3724CVSS 7.5

CVE-2018-3724: Path Traversal in general-file-server

Platform

nodejs

Component

general-file-server

Fixed in

1.1.9

AI Confidence: highNVDEPSS 0.5%Reviewed: May 2026

View on NVD

Save

CVE-2018-3724 represents a Path Traversal vulnerability affecting the general-file-server module. This flaw allows unauthorized access to sensitive files on the server, potentially exposing confidential data. The vulnerability impacts versions of general-file-server up to and including 1.1.8. Currently, no official fix is available.

Impact and Attack Scenarios

The primary impact of CVE-2018-3724 is the ability for an attacker to read arbitrary files from the server's file system. By manipulating file paths, an attacker can bypass intended access controls and retrieve sensitive information such as configuration files, source code, or user data. This could lead to data breaches, system compromise, and further exploitation. The blast radius extends to any data stored on the server accessible through the vulnerable module.

Exploitation Context

As of the latest information, CVE-2018-3724 does not appear to be actively exploited in the wild. The vulnerability's severity is considered HIGH (CVSS 7.5). There are no known public exploits or proof-of-concept code. The vulnerability was published in July 2018, and the lack of a fix suggests it may be in a less actively maintained project.

Threat Intelligence

Exploit Status

Proof of ConceptUnknown

CISA KEVNO

Internet ExposureHigh

EPSS

0.53% (67% percentile)

CVSS Vector

Affected Software

Componentgeneral-file-server

Vendorosv

Affected rangeFixed in

1.1.81.1.9

Timeline

Published2018-07-26
Modified2023-11-08
EPSS updated2026-04-02

Unpatched — 2859 days since disclosure

Mitigation and Workarounds

Due to the absence of a direct patch, the primary mitigation strategy is to avoid using the vulnerable general-file-server module until a fix is released by the vendor. If the module is currently deployed, consider disabling or removing it entirely. As a temporary workaround, restrict access to the module using network firewalls or access control lists, limiting access to only authorized users and systems. Regularly monitor system logs for suspicious activity related to file access.

How to fix

No official patch available. Check for workarounds or monitor for updates.

CVE Security Newsletter

Vulnerability analysis and critical alerts directly to your inbox.

Frequently asked questions

What is CVE-2018-3724 — Path Traversal in general-file-server?

CVE-2018-3724 is a Path Traversal vulnerability affecting versions of general-file-server up to 1.1.8, allowing attackers to read arbitrary files on the server.

Am I affected by CVE-2018-3724 in general-file-server?

You are affected if you are using general-file-server version 1.1.8 or earlier. Assess your deployments immediately.

How do I fix CVE-2018-3724 in general-file-server?

Currently, no fix is available. The recommended mitigation is to avoid using the module until a patch is released.

Is CVE-2018-3724 being actively exploited?

There is no public evidence of active exploitation of CVE-2018-3724 at this time.

Where can I find the official general-file-server advisory for CVE-2018-3724?

Official advisories for this vulnerability are limited. Consult relevant security mailing lists and vulnerability databases for updates.