CVE-2015-3297

Published: Jul 7, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.

Affected (26)

Products: Etherpad: Etherpad

Etherpad

1 product

Etherpad

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Etherpad Etherpad	Version 1.1.1
Etherpad Etherpad	Version 1.1.2
Etherpad Etherpad	Version 1.1.3
Etherpad Etherpad	Version 1.1.4
Etherpad Etherpad	Version 1.1.5
Etherpad Etherpad	Version 1.2.0
Etherpad Etherpad	Version 1.2.10
Etherpad Etherpad	Version 1.2.11
Etherpad Etherpad	Version 1.2.12
Etherpad Etherpad	Version 1.2.1
Etherpad Etherpad	Version 1.2.2
Etherpad Etherpad	Version 1.2.3
Etherpad Etherpad	Version 1.2.4
Etherpad Etherpad	Version 1.2.5
Etherpad Etherpad	Version 1.2.6
Etherpad Etherpad	Version 1.2.7
Etherpad Etherpad	Version 1.2.81
Etherpad Etherpad	Version 1.2.8
Etherpad Etherpad	Version 1.2.91
Etherpad Etherpad	Version 1.2.9
Etherpad Etherpad	Version 1.3.0
Etherpad Etherpad	Version 1.4.0
Etherpad Etherpad	Version 1.4.1
Etherpad Etherpad	Version 1.5.0
Etherpad Etherpad	Version 1.5.1
Etherpad Etherpad	Version 1.5.2