Login Sign Up

CVE-2023-46496

8.3 HIGH

📋 TL;DR

A directory traversal vulnerability in EverShop NPM allows remote attackers to access sensitive files outside the intended directory via crafted DELETE requests to the api/files endpoint. This affects all EverShop installations using versions before 1.0.0-rc.8. Attackers can potentially read arbitrary files on the server.

💻 Affected Systems

Products:
  • EverShop
Versions: All versions before 1.0.0-rc.8
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all EverShop deployments with the vulnerable endpoint exposed.

📦 What is this software?

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

Evershop by Evershop

View all CVEs affecting Evershop →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through reading sensitive configuration files, credentials, or source code, potentially leading to further attacks.

🟠

Likely Case

Unauthorized access to sensitive files containing configuration data, user information, or application secrets.

🟢

If Mitigated

Limited impact with proper file permissions, network segmentation, and input validation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP DELETE requests with directory traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0-rc.8 and later

Vendor Advisory: https://devhub.checkmarx.com/cve-details/CVE-2023-46496/

Restart Required: Yes

Instructions:

1. Update EverShop to version 1.0.0-rc.8 or later using npm update evershop. 2. Restart the EverShop application. 3. Verify the update was successful.

🔧 Temporary Workarounds

Block DELETE requests to api/files endpoint

all

Configure web application firewall or reverse proxy to block DELETE requests to the vulnerable endpoint.

# Example nginx configuration
location /api/files {
    limit_except GET POST PUT { deny all; }
}

Implement input validation middleware

all

Add middleware to sanitize and validate file path parameters before processing.

// Example Express middleware
app.use('/api/files', (req, res, next) => {
    if (req.params.path && req.params.path.includes('..')) {
        return res.status(400).send('Invalid path');
    }
    next();
});

🧯 If You Can't Patch

  • Implement strict file system permissions to limit accessible directories
  • Deploy network segmentation to isolate EverShop from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check package.json for EverShop version. If version is below 1.0.0-rc.8, the system is vulnerable.

Check Version:

npm list evershop | grep evershop

Verify Fix Applied:

After updating, verify the version is 1.0.0-rc.8 or higher and test that directory traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP DELETE requests to /api/files with '..' sequences
  • Failed file access attempts outside expected directories

Network Indicators:

  • Unusual patterns of DELETE requests to file endpoints
  • Requests with encoded directory traversal sequences

SIEM Query:

method=DELETE AND uri_path="/api/files" AND (uri_query="*..*" OR user_agent="*..*")

📊 Metadata

CVE ID: CVE-2023-46496
CVSS v3 Score: 8.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE: CWE-22
Published: December 8, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-46496, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)