CVE-2018-3713: Path Traversal in angular-http-server
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.70275%
CWE
Published
7/26/2018
Updated
3/1/2023
KEV Status
No
Technology
JavaScript
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
angular-http-server | npm | < 1.6.0 | 1.6.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The path traversal vulnerability stems from two key flaws: (1) resolveUrl
's reliance on simple '..' string checks without URL decoding, and (2) requestListener
's unsafe path construction using untrusted input. The commit in PR #21 replaced these with a secure path resolution function (getFilePathFromUrl
) that properly validates absolute paths and handles edge cases, confirming the original functions' inadequacy. The combination of insufficient validation in resolveUrl
and improper normalization in requestListener
allowed attackers to escape the restricted directory.