4 matches found
Node.js <8.6.0 - Directory Traversal
Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. id: CVE-2017-14849 info: name: Node.js 8.6.0 - Directory Traversal author: RandomRobbie severity: high...
Node.js arbitrary file read Vulnerability(CVE-2017-14849)
Author: niubl@TSRC 1. Vulnerability description 2017 9 November 28, the company scanner found a business there is an example of the arbitrary file read vulnerability, the team follow-up analysis found that this is the Node. js and Express the common result of a Common Vulnerability. As we prepare...
CVE-2017-14849
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules...
CVE-2017-14849
Node.js 8.5.0 before 8.6.0 is vulnerable to directory traversal/file disclosure due to a changed handling of ".." that conflicts with pathname validation in some community modules. The issue allows remote attackers to access unintended files. A fix is available in Node.js 8.6.0 or later. If upgra...