Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2020/08/31 10:57 p.m.6 views

@ionic/cli-plugin-ionic1 (>=0.0.2 <=0.0.3), @phoenix-plugin-registry/com.vevedh.ioniccli (=1.1.2) +21 more potentially affected by CVE-2015-1164 via serve-static (>=1.7.0 <=1.7.1)

serve-static NPM version =1.7.0, =0.0.2, =1.1.0, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.2.9, =0.0.9, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.0.5 - isz =0.0.2 and more Source cves: CVE-2015-1164 Source advisory: OSV:GHSA-C3X7-GJMX-R2FF...

4.3CVSS6.3AI score0.02616EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.16 views

Security Bulletin: Security vulnerability in Node.js module affects IBM Business Process Manager (BPM) Configuration Editor (CVE-2015-1164)

Summary A security vulnerability has been reported for a dependent Node.js module "express". CVE-2015-1164 affects IBM Business Process Manager BPM because IBM BPM includes a stand-alone tool for editing configuration properties files that is based on open source Node.js technology. Vulnerability...

4.3CVSS0.4AI score0.02616EPSS
Exploits0Affected Software3
OSV
OSV
added 2015/01/21 3:28 p.m.5 views

AZL-45312 CVE-2015-1164 affecting package nodejs-nodemon 2.0.3-5

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...

4.3CVSS6.5AI score0.02616EPSS
Exploits0References1
CVE
CVE
added 2015/01/21 3:0 p.m.87 views

CVE-2015-1164

CVE-2015-1164 describes an open redirect in the Node.js module serve-static . Versions prior to 1.7.2 (and 1.6.x before 1.6.5) are affected when mounted at the root, enabling attackers to redirect victims to arbitrary sites by using a // in the PATH_INFO (e.g., //google.com/…). The issue can faci...

4.3CVSS6.2AI score0.02616EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder