277 matches found

Prion
added 2018/06/07 2:29 a.m., 17 views

Path traversal

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVSS 5, AI score 7.3, EPSS 0.02038
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 17 views

Path traversal

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVSS 5, AI score 7.3, EPSS 0.02038
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/06/07 2:29 a.m., 0 views

UBUNTU-CVE-2018-3717

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware...

CVSS 5.4, AI score 6.2, EPSS 0.01315
Exploits: 1, References: 3

Prion
added 2018/06/07 2:29 a.m., 13 views

Path traversal

general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...

CVSS 5, AI score 7.3, EPSS 0.01764
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 18 views

Cross site scripting

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware...

CVSS 3.5, AI score 5.1, EPSS 0.01315
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 20 views

Cross site scripting

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names...

CVSS 4.3, AI score 5.9, EPSS 0.01046
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 20 views

Path traversal

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path...

CVSS 4, AI score 6.2, EPSS 0.0179
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2018/06/07 2:29 a.m., 14 views

Code injection

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...

CVSS 6.5, AI score 8.5, EPSS 0.02123
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/06/07 2:00 a.m., 26 views

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...

AI score 5.2, EPSS 0.01316
Exploits: 1, References: 1

Cvelist
added 2018/06/07 2:00 a.m., 26 views

CVE-2018-3727

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

AI score 7.4, EPSS 0.02038
Exploits: 1, References: 1

CVE
added 2018/06/07 2:00 a.m., 54 views

CVE-2018-3731

CVE-2018-3731 affects the public Node.js module (versions prior to 0.1.3). The vulnerability stems from lack of validation/sanitization of filePath, enabling a path traversal attack that lets an attacker read arbitrary files on the server where the module runs. Impact is read access to files; no ...

CVSS 7.5, AI score 7.3, EPSS 0.02038
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2018/06/07 2:00 a.m., 50 views

CVE-2018-3730

The CVE-2018-3730 entry concerns the mcstatic Node.js module, where a Path Traversal flaw arises from insufficient validation of the filePath, enabling reading of arbitrary server files. Public documents corroborate that all versions of mcstatic are affected and that exploitation is feasible via ...

CVSS 7.5, AI score 7.3, EPSS 0.02038
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/06/07 2:00 a.m., 19 views

CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...

AI score 8.6, EPSS 0.02036
Exploits: 1, References: 2

CVE
added 2018/06/07 2:00 a.m., 220 views

CVE-2018-3721

CVE-2018-3721 relates to the lodash node module prior to 4.17.5, enabling a prototype pollution (MAID) vulnerability through defaultsDeep, merge, and mergeWith that could modify Object.prototype via __proto__. The provided IBM security bulletin corroborates the vulnerability details for this CVE and l...

CVSS 6.5, AI score 6.3, EPSS 0.02413
Exploits: 2, References: 3, Affected Software: 1

CVE
added 2018/06/07 2:00 a.m., 59 views

CVE-2018-3723

CVE-2018-3723 affects defaults-deep prior to 0.2.4, enabling prototype pollution by abusing __proto__ to modify Object.prototype. This can lead to added or altered properties existing on all objects, with potential DoS and, in some cases, remote code execution as described in linked advisories. The i...

CVSS 8.8, AI score 8.5, EPSS 0.02036
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2018/06/07 2:00 a.m., 22 views

CVE-2018-3711

Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload...

AI score 7.4, EPSS 0.01799
Exploits: 1, References: 2

Cvelist
added 2018/06/07 2:00 a.m., 27 views

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

AI score 7.4, EPSS 0.02038
Exploits: 1, References: 1

CVE
added 2018/06/07 2:00 a.m., 61 views

CVE-2018-3719

CVE-2018-3719 affects the Node.js module mixin-deep (versions before 1.3.1). The vulnerability is a prototype pollution (MAID) flaw that lets an attacker modify Object.prototype via __proto__, causing addition or modification of properties that exist on all objects. Affected versions are explicitly ...

CVSS 8.8, AI score 8.4, EPSS 0.02123
Exploits: 1, References: 2, Affected Software: 1

Debian CVE
added 2018/06/07 2:00 a.m., 33 views

CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...

CVSS 6.5, AI score 5.6, EPSS 0.02413
Exploits: 2

Debian CVE
added 2018/06/07 2:00 a.m., 14 views

CVE-2018-3719

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...

CVSS 8.8, AI score 8.6, EPSS 0.02123
Exploits: 1