Home > Vulnerability Database > WS-2018-0116

Mend.io Vulnerability Database

WS-2018-0116

Good to know:

Date: February 28, 2018

"All versions of superstatic are vulnerable to path traversal when used on Windows.Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \\\\ to / in paths on all platforms (a known example being Node.js v9.9.0)."

Language: JS

Severity Score

8.6

Related Resources (4)

Url: https://github.com/firebase/superstatic/commit/e396ff62f588732989137d6c40d46b310e51ef2b

Url: https://github.com/firebase/superstatic/pull/255

Url: https://hackerone.com/reports/319951

Url: https://www.mend.io/vulnerability-database/WS-2018-0116

Severity Score

8.6

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version 5.0.2

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2018-0116

Good to know:

Date: February 28, 2018

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?