Platform
nodejs
Component
localhost-now
Fixed in
1.0.2
CVE-2018-3729 is a Path Traversal vulnerability affecting versions of localhost-now released before 1.0.2. This flaw allows a remote attacker to potentially read sensitive files from the system. Updating to version 1.0.2 or later resolves this security concern.
The primary impact of this vulnerability is unauthorized file access. An attacker exploiting this Path Traversal flaw could read configuration files, source code, or other sensitive data stored on the server. The extent of the data exposed depends on the file system permissions and the files accessible through the vulnerable endpoint. While the vulnerability is remote, successful exploitation requires the attacker to be able to interact with the localhost-now service over a network connection. This could be a local network or, if the service is exposed to the internet, a wider attack surface.
CVE-2018-3729 was published on July 25, 2018. There is no indication of this vulnerability being actively exploited in the wild. No public Proof-of-Concept (PoC) exploits have been widely reported. The vulnerability's severity is rated as High (CVSS 7.5), indicating a significant potential for exploitation if left unaddressed.
Exploit Status
EPSS
0.35% (57th percentile)
CVSS Vector
The recommended mitigation for CVE-2018-3729 is to immediately upgrade localhost-now to version 1.0.2 or a later secure version. If upgrading is not immediately feasible, consider implementing strict access controls and file system permissions to limit the potential damage from unauthorized file access. While a direct workaround is not available, restricting network access to the localhost-now service can reduce the attack surface. After upgrading, verify the fix by attempting to access files outside of the intended directory structure through the vulnerable endpoint; access should be denied.
No official patch available. Look for alternatives or monitor for updates.
CVE-2018-3729 is a security vulnerability in localhost-now versions before 1.0.2 that allows a remote attacker to read arbitrary files on the system.
You are affected if you are running a localhost-now version earlier than 1.0.2. Check your version using ./localhost-now --version.
Upgrade to version 1.0.2 or later. This resolves the Path Traversal vulnerability.
There is no public evidence of CVE-2018-3729 being actively exploited at this time.
Refer to the localhost-now