
CVE-2018-3734: Path Traversal in stattic

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.68357%
Published: 7/18/2018
Updated: 1/31/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|--------------|-----------|---------------------|-----------------------|
| stattic      | npm       | < 0.3.0             | 0.3.0                 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The security patch adds path normalization to the request handler callback inside `module.exports.listen`. In vulnerable versions, that anonymous callback (passed to `http.createServer`) takes the raw `pathname` from the request URL and maps it onto the filesystem without normalizing it, so a request carrying `..` segments can reach files outside the served directory. Although the handler itself is anonymous, it is defined inside and executed by the exported `listen` method, so runtime profiling of a malicious request shows the execution flow passing through `module.exports.listen`: that is the function that configures the server and contains the vulnerable path-handling logic.


WAF Protection Rules

WAF Rule

Versions of `stattic` before 0.3.0 are vulnerable to path traversal, allowing a remote attacker to read arbitrary files with any extension from the server that uses `stattic`.

Recommendation

Update to version 0.3.0 or later.
