Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3744

CWE-22 — Path Traversal6 documents5 sources

Severity

7.5HIGH

EPSS

78.2%

top 0.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Nodejs Node.js

Timeline

PublishedOct 23

Latest updateAug 31

Description

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDnodejs/node.js0.2.4

▶npmst< 0.2.5

🔴Vulnerability Details

GHSA

Directory Traversal in st↗2020-08-31

▶

OSV

Directory Traversal in st↗2020-08-31

▶

CVEList

CVE-2014-3744: Directory traversal vulnerability in the st module before 0↗2017-10-23

▶

OSV

CVE-2014-3744: Directory traversal vulnerability in the st module before 0↗2017-10-23

▶

💥Exploits & PoCs

Nuclei

Node.js st module Directory Traversal

▶