CVE-2018-3717
Cross-Site Scripting (XSS) vulnerability in connect (npm)
What is CVE-2018-3717 About?
The `connect` node module before version 2.14.0 is vulnerable to Cross-Site Scripting (XSS) because the `directory.js` middleware does not validate or sanitize the file parameter before embedding it in its HTML output. Attackers can inject malicious scripts into web pages, impacting user sessions. Exploitation is relatively easy if an attacker can influence the filename accessed.
Affected Software
Technical Details
The vulnerability in the connect node module, affecting versions prior to 2.14.0, is an XSS flaw in the directory.js middleware, which is responsible for serving directory listings. It arises because the middleware fails to validate or sanitize the file parameter (a filename or path taken from the request) before embedding it into the HTML of the directory listing. An attacker can craft a URL whose file component carries script content. When a user requests that URL, the server responds with the directory-listing page, and the unsanitized content is rendered and executed in the user's browser context.
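The mechanics described above, as an added illustration that is not connect's source and does not reproduce the upstream commit: a minimal directory-listing renderer that concatenates the request path into HTML (the vulnerable pattern), the same renderer with HTML escaping and per-segment URL encoding (the hardened pattern), and a check that reports whether a marker placed in the path survives into the output unescaped. The sample path and entries are constructed; a harmless `<i>` tag stands in for an attacker's payload.

```javascript
// Added illustration (not connect's own code): a directory-listing page
// becomes a reflected XSS sink when it embeds the requested path into HTML
// without escaping. Shown beside the escaped version and a simple check.

// Minimal HTML escaper covering the characters that matter in element
// content and attribute values.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the attacker-influenced request path is concatenated
// straight into the title, heading and links of the listing.
function renderListingVulnerable(requestPath, entries) {
  const items = entries
    .map((name) => `<li><a href="${requestPath}/${name}">${name}</a></li>`)
    .join('');
  return `<html><head><title>listing ${requestPath}</title></head>` +
    `<body><h1>${requestPath}</h1><ul>${items}</ul></body></html>`;
}

// Hardened pattern: every untrusted value is HTML-escaped before it reaches
// the markup, and the href is percent-encoded per path segment so it cannot
// break out of the attribute.
function renderListingFixed(requestPath, entries) {
  const safePath = escapeHtml(requestPath);
  const encodedDir = requestPath.split('/').map(encodeURIComponent).join('/');
  const items = entries
    .map((name) => {
      const href = `${encodedDir}/${encodeURIComponent(name)}`;
      return `<li><a href="${escapeHtml(href)}">${escapeHtml(name)}</a></li>`;
    })
    .join('');
  return `<html><head><title>listing ${safePath}</title></head>` +
    `<body><h1>${safePath}</h1><ul>${items}</ul></body></html>`;
}

// Check a reviewer or regression test can run: does the rendered page still
// contain the raw marker verbatim (i.e. was it reflected without escaping)?
function reflectsRawMarkup(html, marker) {
  return html.includes(marker);
}

// Constructed sample request. A harmless tag stands in for a payload; the
// only question is whether the tag survives into the output as markup.
const MARKER = '<i>injected</i>';
const SAMPLE_PATH = '/files/' + MARKER;
const SAMPLE_ENTRIES = ['README.md', 'notes & drafts.txt'];

function demo() {
  const vulnerable = renderListingVulnerable(SAMPLE_PATH, SAMPLE_ENTRIES);
  const fixed = renderListingFixed(SAMPLE_PATH, SAMPLE_ENTRIES);
  return {
    vulnerableReflects: reflectsRawMarkup(vulnerable, MARKER), // true
    fixedReflects: reflectsRawMarkup(fixed, MARKER),           // false
    fixedContainsEscaped: fixed.includes('&lt;i&gt;injected&lt;/i&gt;'), // true
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

The `reflectsRawMarkup` check is the shape of test worth keeping in a project that renders listings: feed a marker through every path and filename that reaches the page and fail the build if it comes back unescaped.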
What is the Impact of CVE-2018-3717?
Successful exploitation may allow attackers to execute arbitrary scripts in the context of the user's browser, leading to session hijacking, defacement, or redirection to malicious sites.
What is the Exploitability of CVE-2018-3717?
Exploitation of this XSS vulnerability is of low complexity. It can be achieved remotely without authentication, provided the directory.js middleware is enabled and the attacker can get a victim to open a crafted URL. The primary prerequisite is that the web application uses the connect module with the vulnerable directory.js middleware. An attacker only needs to construct a URL whose path (filename) contains an XSS payload, which is then reflected in the directory listing. The risk is high in applications that expose directory listings generated by the vulnerable connect middleware.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2018-3717?
Available Upgrade Options
- connect
- <2.14.0 → Upgrade to 2.14.0
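Checking a dependency tree against the fixed version, as an added example that is not part of the advisory: the function below walks a `package-lock.json` (lockfileVersion 1 style, nested `dependencies` objects) and reports every copy of `connect` below 2.14.0, including transitive copies pulled in by other packages. The lockfile fragment and the `legacy-static-site` package are constructed for the example; the version comparison is a simple dotted-numeric compare that strips pre-release tags (an assumption adequate for this range).

```javascript
// Added example (not from the advisory or the connect project): find every
// installed copy of `connect` older than the fixed release 2.14.0 in a
// package-lock.json v1 style tree, with the dependency chain that pulled it in.

const FIXED_VERSION = '2.14.0';

// Compare two dotted numeric versions; returns -1, 0 or 1. Pre-release tags
// are stripped before comparing (assumption: sufficient for this check).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Affected range from the advisory: everything below 2.14.0.
function isVulnerableConnect(version) {
  return compareVersions(version, FIXED_VERSION) < 0;
}

// Recursively collect vulnerable copies of `connect`, recording the chain of
// packages (name@version) that leads to each one.
function findVulnerableConnect(lock, trail = [], found = []) {
  const deps = (lock && lock.dependencies) || {};
  for (const [name, meta] of Object.entries(deps)) {
    const chain = [...trail, `${name}@${meta.version}`];
    if (name === 'connect' && isVulnerableConnect(meta.version)) {
      found.push({ version: meta.version, via: chain.join(' > ') });
    }
    findVulnerableConnect(meta, chain, found);
  }
  return found;
}

// Constructed lockfile fragment: the direct copy is already fixed, but a
// transitive copy nested under a hypothetical package is not.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    connect: { version: '2.14.0' },
    'legacy-static-site': {
      version: '0.3.1',
      dependencies: {
        connect: { version: '2.13.1' },
      },
    },
  },
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(findVulnerableConnect(SAMPLE_LOCK));
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a direct upgrade fixes only the top-level copy, so the `via` chain tells you which dependency still needs to move.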
Additional Resources
- https://www.npmjs.com/advisories/595
- https://hackerone.com/reports/309641
- https://nvd.nist.gov/vuln/detail/CVE-2018-3717
- https://www.npmjs.com/advisories/584
- https://osv.dev/vulnerability/GHSA-rch9-xh7r-mqgw
- https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
- https://github.com/advisories/GHSA-rch9-xh7r-mqgw
- https://hackerone.com/reports/309394
What are Similar Vulnerabilities to CVE-2018-3717?
Similar Vulnerabilities: CVE-2022-2900, CVE-2021-39145, CVE-2020-28500, CVE-2019-15023, CVE-2017-18357
