Miggo Logo

CVE-2018-3713: Path Traversal in angular-http-server

6.5

CVSS Score
3.1

Basic Information

EPSS Score
0.70275%
Published
7/26/2018
Updated
3/1/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
angular-http-servernpm< 1.6.01.6.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The path traversal vulnerability stems from two key flaws: (1) resolveUrl's reliance on simple '..' string checks without URL decoding, and (2) requestListener's unsafe path construction using untrusted input. The commit in PR #21 replaced these with a secure path resolution function (getFilePathFromUrl) that properly validates absolute paths and handles edge cases, confirming the original functions' inadequacy. The combination of insufficient validation in resolveUrl and improper normalization in requestListener allowed attackers to escape the restricted directory.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*****t** v*rsions o* `*n*ul*r-*ttp-s*rv*r` *r* vuln*r**l* to p*t* tr*v*rs*l *llowin* * r*mot* *tt**k*r to r*** *il*s *rom t** s*rv*r t**t us*s `*n*ul*r-*ttp-s*rv*r`. ## R**omm*n**tion Up**t* to v*rsion *.*.* or l*t*r. :*x*l*m*tion: Not*: T*is w*s

Reasoning

T** p*t* tr*v*rs*l vuln*r**ility st*ms *rom two k*y *l*ws: (*) `r*solv*Url`'s r*li*n** on simpl* '..' strin* ****ks wit*out URL ***o*in*, *n* (*) `r*qu*stList*n*r`'s uns*** p*t* *onstru*tion usin* untrust** input. T** *ommit in PR #** r*pl**** t**s*