CVE-2018-17785: Path Traversal
First published: Sun Sep 30 2018(Updated: )
In blynk-server in Blynk before 0.39.7, Directory Traversal exists via a ../ in a URI that has /static or /static/js at the beginning, as demonstrated by reading the /etc/passwd file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BTCPayServer | <0.39.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17785?
CVE-2018-17785 is considered a medium severity vulnerability due to the potential for directory traversal leading to sensitive information disclosure.
How do I fix CVE-2018-17785?
To fix CVE-2018-17785, upgrade blynk-server to version 0.39.7 or later where the vulnerability has been patched.
What software is affected by CVE-2018-17785?
CVE-2018-17785 affects blynk-server versions prior to 0.39.7.
What is a directory traversal vulnerability like CVE-2018-17785?
A directory traversal vulnerability like CVE-2018-17785 allows an attacker to access files and directories that are outside the intended directory structure.
Can CVE-2018-17785 lead to data breaches?
Yes, CVE-2018-17785 can potentially lead to data breaches by allowing unauthorized access to sensitive files such as /etc/passwd.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/blynk
- canonical/btcpayserver