4 matches found
@ionic/cli-plugin-ionic1 (>=0.0.2 <=0.0.3), @phoenix-plugin-registry/com.vevedh.ioniccli (=1.1.2) +21 more potentially affected by CVE-2015-1164 via serve-static (>=1.7.0 <=1.7.1)
serve-static NPM version =1.7.0, =0.0.2, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.2.9, =0.0.9, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0.5 - isz =0.0.2 and more Source cves: CVE-2015-1164 Source advisory: OSV:GHSA-C3X7-GJMX-R2FF...
Security Bulletin: Security vulnerability in Node.js module affects IBM Business Process Manager (BPM) Configuration Editor (CVE-2015-1164)
Summary A security vulnerability has been reported for a dependent Node.js module "express". CVE-2015-1164 affects IBM Business Process Manager BPM because IBM BPM includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability...
AZL-45312 CVE-2015-1164 affecting package nodejs-nodemon 2.0.3-5
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...
CVE-2015-1164
CVE-2015-1164 describes an open redirect in the Node.js module serve-static . Versions prior to 1.7.2 (and 1.6.x before 1.6.5) are affected when mounted at the root, enabling attackers to redirect victims to arbitrary sites by using a // in the PATH_INFO (e.g., //google.com/…). The issue can faci...