VulnerableCode Vulnerability Details - VCID-cftz-enwf-6uht

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-cftz-enwf-6uht

Essentials
Severities (3)
References (3)
Severity details (3)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-cftz-enwf-6uht
Aliases	GHSA-8h8v-6qqm-fwpq GMS-2020-715
Summary	Relative Path Traversal in express-cart.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-352	Cross-Site Request Forgery (CSRF)
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

System	Score	Found at
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-8h8v-6qqm-fwpq
generic_textual	HIGH	https://hackerone.com/reports/343726
generic_textual	HIGH	https://www.npmjs.com/advisories/676

Reference id	Reference type	URL
		https://hackerone.com/reports/343726
		https://www.npmjs.com/advisories/676
GHSA-8h8v-6qqm-fwpq		https://github.com/advisories/GHSA-8h8v-6qqm-fwpq

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:20:13.236992+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/express-cart/GMS-2020-715.yml	38.6.0