GHSA-52r9-g5g6-2hjp

GitHub Security Advisory

Path Traversal in node-srv

✓ GitHub Reviewed MODERATE Has CVE

Versions of `node-srv` before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses `node-srv`.

## Recommendation

Update to version 2.1.1 or later.

npm node-srv

Affected versions: 0 (fixed in 2.1.1)

CVE-2018-3714

GHSA ID

GHSA-52r9-g5g6-2hjp

Published

July 26, 2018 2:50 PM

Last Modified

March 1, 2023 1:19 AM

CVSS Score

5.0 /10

Primary Ecosystem

npm

Primary Package

node-srv

GitHub Reviewed

✓ Yes

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.