Lucene search
Cal LeemingNODEJS:37HistoryOct 17, 2015 - 7:41 p.m.
Potential for Script Injection
2015-10-1719:41:46
Cal Leeming
www.npmjs.com
17
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Overview
Versions of syntax-error prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified.
Recommendation
Update to version 1.1.1 or later.
References
- [Browserify 4.2.1 Update](https://github.com/substa ck/node-browser ify/blob/master/changelog.markdown#421)
- GitHub Advisory
| CPE | Name | Operator | Version |
|---|---|---|---|
| syntax-error | lt | 1.1.1 |
Related
checkpoint_advisories
checkpoint_advisories
Browserify Node.js Remote Code Execution (CVE-2014-7192)
2015-01-21 00:00:00
debiancve
debiancve
CVE-2014-7192
2014-12-11 11:59:00
ubuntucve
ubuntucve
CVE-2014-7192
2014-12-11 00:00:00
github
github
Potential for Script Injection in syntax-error
2017-10-24 18:33:36
prion
prion
Design/Logic Flaw
2014-12-11 11:59:00
osv
osv
Potential for Script Injection in syntax-error
2017-10-24 18:33:36
cve
cve
CVE-2014-7192
2014-12-11 11:59:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related for NODEJS:37