Lucene search
K

4 matches found

Nuclei
Nuclei
added 2 days ago70 views

Node.js <8.6.0 - Directory Traversal

Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. id: CVE-2017-14849 info: name: Node.js 8.6.0 - Directory Traversal author: RandomRobbie severity: high...

7.5CVSS7.1AI score0.53416EPSS
Exploits2References5
seebug.org
seebug.org
added 2017/11/07 12:0 a.m.140 views

Node.js arbitrary file read Vulnerability(CVE-2017-14849)

Author: niubl@TSRC 1. Vulnerability description 2017 9 November 28, the company scanner found a business there is an example of the arbitrary file read vulnerability, the team follow-up analysis found that this is the Node. js and Express the common result of a Common Vulnerability. As we prepare...

5CVSS7.6AI score0.53416EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2017/09/28 1:29 a.m.19 views

CVE-2017-14849

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules...

7.5CVSS7.2AI score0.53416EPSS
Exploits2References3
CVE
CVE
added 2017/09/28 12:0 a.m.125 views

CVE-2017-14849

Node.js 8.5.0 before 8.6.0 is vulnerable to directory traversal/file disclosure due to a changed handling of ".." that conflicts with pathname validation in some community modules. The issue allows remote attackers to access unintended files. A fix is available in Node.js 8.6.0 or later. If upgra...

7.5CVSS7.4AI score0.53416EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder