CVE-2018-3715
published 2018-06-07
Priority P4 · 34 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.42% (69.4th percentile)
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| glance_project | glance | < 3.0.9 | 3.0.9 |
| glance_project | glance | < 3.0.4 | 3.0.4 |
| glance_project | glance | < 3.0.9 | 3.0.9 |
| glance_project | glance | >= 0 < 3.0.4 | 3.0.4 |
| glance_project | glance | >= 0 < 3.0.9 | 3.0.9 |
CVSS provenance
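| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 6.5 | MEDIUM | |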
GHSA
Path traversal vulnerability in glance
ghsa·2023-02-13·CVSS 6.5
CVE-2022-25937 [MEDIUM] CWE-22 Path traversal vulnerability in glance
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
OSV
Path traversal vulnerability in glance
osv·2023-02-13·CVSS 6.5
CVE-2022-25937 [MEDIUM] Path traversal vulnerability in glance
Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).
OSV
Path Traversal in glance
osv·2018-07-26
CVE-2018-3715 [MEDIUM] Path Traversal in glance
Versions of `glance` before 3.0.4 are vulnerable to a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
## Recommendation
Update to version 3.0.4 or later.
GHSA
Path Traversal in glance
ghsa·2018-07-26
CVE-2018-3715 [MEDIUM] CWE-22 Path Traversal in glance
Versions of `glance` before 3.0.4 are vulnerable to a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
## Recommendation
Update to version 3.0.4 or later.
No detection rules found.
No public exploits indexed.