CVE-2018-3729 is a Path Traversal vulnerability affecting versions of localhost-now released before 1.0.2. This flaw allows a remote attacker to potentially read sensitive files from the system. Updating to version 1.0.2 or later resolves this security concern.
The primary impact of this vulnerability is unauthorized file access. An attacker exploiting this Path Traversal flaw could read configuration files, source code, or other sensitive data stored on the server. The extent of the data exposed depends on the file system permissions and the files accessible through the vulnerable endpoint. Although the vulnerability is remotely exploitable, successful exploitation requires the attacker to be able to interact with the localhost-now service over a network connection. That connection could be over a local network or, if the service is exposed to the internet, from anywhere, which widens the attack surface.
CVE-2018-3729 was published on July 25, 2018. There is no indication of this vulnerability being actively exploited in the wild. No public Proof-of-Concept (POC) exploits have been widely reported. The vulnerability's severity is rated as High (CVSS 7.5), indicating a significant potential for exploitation if left unaddressed.
Exploitation status
EPSS
0.35% (57th percentile)
The recommended mitigation for CVE-2018-3729 is to immediately upgrade localhost-now to version 1.0.2 or a later secure version. If upgrading is not immediately feasible, consider implementing strict access controls and file system permissions to limit the potential damage from unauthorized file access. While a direct workaround is not available, restricting network access to the localhost-now service can reduce the attack surface. After upgrading, verify the fix by attempting to access files outside of the intended directory structure through the vulnerable endpoint; access should be denied.
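The containment check that this verification step exercises, shown as an added example that is not localhost-now's code or its actual patch: a generic Node.js static-file path resolver in a naive form and a hardened form. The function names, the /srv/site root and the sample request paths are constructed for illustration.

```javascript
'use strict';
const path = require('node:path');

// Naive pattern: joins the request path onto the root without checking where
// the result lands, so "../" segments walk out of the served directory.
function naiveResolve(root, urlPath) {
  return path.join(root, decodeURIComponent(urlPath));
}

// Hardened pattern: decode once, reject NUL bytes, resolve to an absolute
// path, then require the result to stay inside the root.
// Returns the absolute path to serve, or null when the request must be refused.
function safeResolve(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  const absRoot = path.resolve(root);
  // Prefixing "." keeps a leading "/" in the request from being treated as
  // an absolute path that would replace the root.
  const target = path.resolve(absRoot, '.' + path.sep + decoded);
  const rel = path.relative(absRoot, target);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : target;
}

// Constructed sample requests: two legitimate, three that must be refused.
const ROOT = '/srv/site';
const SAMPLES = [
  '/index.html',
  '/css/../index.html',
  '/../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',
  '/%zz',
];

// Returns [request, resolvedPathOrNull] pairs for the samples above.
function audit() {
  return SAMPLES.map((p) => [p, safeResolve(ROOT, p)]);
}
```

The check is purely lexical: a symlink inside the root that points elsewhere still needs a real-path comparison (for example with fs.realpath) before the file is opened.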
CVE-2018-3729 is a security vulnerability in localhost-now versions before 1.0.2 that allows a remote attacker to read arbitrary files on the system.
You are affected if you are running a localhost-now version earlier than 1.0.2. Check your version using ./localhost-now --version.
Upgrade to version 1.0.2 or later. This resolves the Path Traversal vulnerability.
There is no public evidence of CVE-2018-3729 being actively exploited at this time.
Refer to the localhost-now