4 matches found
Node.js st module Directory Traversal
A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...
CVE-2014-3744
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path...
CVE-2014-3744
The CVE-2014-3744 issue is a directory traversal vulnerability in the Node.js st module prior to 0.2.5. Vulnerable versions mishandle URL-encoded dots (e.g., %2e and %2e%2e), allowing remote attackers to read arbitrary files on the server. Evidence from multiple sources confirms the affected comp...