GHSA-vfp9-gwrh-wq9g

GitHub Security Advisory

Path Traversal in crud-file-server

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Versions of `crud-file-server` prior to 0.9.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
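The flaw class described above, shown as an added Node.js example that is not code from `crud-file-server`: a naive URL-to-file mapping next to one that confines the result to the served folder. The function names, the `/srv/files` root and the sample request paths are constructed for illustration.

```javascript
const path = require('path');

// Naive mapping: joins the URL path onto the served folder and trusts the
// result. path.join() collapses ".." segments, so the result can leave the root.
function naiveResolve(root, urlPath) {
  return path.join(root, decodeURIComponent(urlPath));
}

// Hardened mapping: decode once, resolve to an absolute path, then require the
// result to be the root itself or a descendant. Returns null when rejected.
function safeResolve(root, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a path
  const absRoot = path.resolve(root);
  const target = path.resolve(absRoot, '.' + path.sep + decoded);
  const rel = path.relative(absRoot, target);
  const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return escapes ? null : target;
}

// Constructed sample request paths (not taken from the advisory).
const ROOT = '/srv/files';
const SAMPLES = [
  '/docs/readme.txt',
  '/docs/../readme.txt',        // ".." that stays inside the root is fine
  '/../../etc/passwd',
  '/%2e%2e/%2e%2e/etc/passwd',  // same traversal, percent-encoded
  '/..%2fsecret',
  '/%zz',                       // invalid encoding
];

function checkSamples() {
  return SAMPLES.map((p) => ({ request: p, served: safeResolve(ROOT, p) }));
}

for (const r of checkSamples()) {
  console.log(r.request.padEnd(28), r.served === null ? 'REJECTED' : r.served);
}
```

The containment check runs on the resolved path rather than on the raw URL, so encoded and unencoded forms of the same traversal are rejected alike.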

## Recommendation

Upgrade to version 0.9.0 or later.

Affected Packages

npm crud-file-server
Affected versions: 0 (fixed in 0.9.0)

Related CVEs

Key Information

GHSA ID: GHSA-vfp9-gwrh-wq9g
Published: July 18, 2018 9:20 PM
Last Modified: March 1, 2023 1:14 AM
CVSS Score: 7.5/10
Primary Ecosystem: npm
Primary Package: crud-file-server
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 31, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.