Exploitation Summary
EIP tracks 1 public exploit for CVE-2018-3744. PoCs published by bl4de.
Description
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/306607
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/danielcardoso/html-pages/issues/2
Scores
CVSS v3
9.8
EPSS
0.0043
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-35
Status
published
Products (2)
html-pages_project/html-pages
2.0.7
npm/html-pages
0npm
Published
May 29, 2018
Tracked Since
Feb 18, 2026