Lucene search
GoogleOSV:GHSA-RCH9-XH7R-MQGWHistoryJul 26, 2018 - 3:08 p.m.
Cross-Site Scripting in connect
2018-07-2615:08:05
Google
osv.dev
15
EPSS
0.001
Percentile
37.8%
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
References
github.com/advisories/GHSA-rch9-xh7r-mqgw
github.com/JacksonTian/anywhere/issues/33#issuecomment-366527448
github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
hackerone.com/reports/309394
hackerone.com/reports/309641
nvd.nist.gov/vuln/detail/CVE-2018-3717
www.npmjs.com/advisories/584
www.npmjs.com/advisories/595
Related
nodejs
nodejs
Cross-Site Scripting
2018-04-24 14:49:57
Cross-Site Scripting
2018-04-24 16:17:26
debiancve
debiancve
CVE-2018-3717
2018-06-07 02:29:08
prion
prion
Cross site scripting
2018-06-07 02:29:00
cvelist
cvelist
CVE-2018-3717
2018-06-07 02:00:00
cve
cve
CVE-2018-3717
2018-06-07 02:29:08
osv
osv
CVE-2018-3717
2018-06-07 02:29:08
redhatcve
redhatcve
CVE-2018-3717
2018-06-07 21:19:13
nvd
nvd
CVE-2018-3717
2018-06-07 02:29:08
ubuntucve
ubuntucve
CVE-2018-3717
2018-06-07 00:00:00
hackerone
hackerone
github
github
Cross-Site Scripting in connect
2018-07-26 15:08:05
veracode
veracode
Cross-site Scripting (XSS)
2018-03-01 03:10:54