CVE-2018-3750

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

hekto node module path traversal vulnerability

hekto node module is a module to support single page applications. A path traversal vulnerability exists in the hekto node module, which stems from the program's lack of file path filtering. An attacker can exploit this vulnerability to read the contents of an arbitrary file...

626 node module path traversal vulnerability

626 node module is a static server. A path traversal vulnerability exists in 626 node module, which stems from the program failing to filter the path of a requested file. An attacker could use this vulnerability to read the contents of an arbitrary file...

mcstatic node module path traversal vulnerability

The mcstatic node module is a static server. A path traversal vulnerability exists in mcstatic node module, which stems from the program's lack of file path filtering. An attacker can exploit this vulnerability to read the contents of an arbitrary file...

hekto node module path traversal vulnerability (CNVD-2018-16503)

hekto node module is a module to support single page applications. A path traversal vulnerability exists in the hekto node module because the program does not filter the path of the requested file. An attacker could use this vulnerability to read the contents of an arbitrary file...

public node module path traversal vulnerability

The public node module is a module that can run a static file hosting server using a public directory and port. A path traversal vulnerability exists in the public node module, which stems from the program's lack of detection of file paths. An attacker could use this vulnerability to read the...

ecstatic node module denial of service vulnerability

ecstatic node module is a http cooperative static file server middleware . A security vulnerability exists in ecstatic node module versions prior to 1.4.0. An attacker can exploit this vulnerability to cause a denial of service crash by sending input with the help of the If-Modified-Since packet...

mysql node module SQL injection vulnerability

The mysql node module is a node.js driver for MySQL written in JavaScript. A SQL injection vulnerability exists in the 'mysql.escape' function in mysql node module version 2.0.0-alpha7 and earlier, which stems from the program's failure to properly encode object keys. A remote attacker can exploi...

hapi node module denial of service vulnerability

The hapi node module is a server framework for Node.js. The framework supports input validation, caching, authentication and more. A security vulnerability exists in hapi node module versions prior to 11.1.3. An attacker exploits the vulnerability to cause a denial of service socket exhaustion wi...

CVE-2018-3717

connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVE-2018-3717

connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...

CVE-2018-3731

public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

CVE-2018-3717

connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...

CVE-2018-3725

hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVE-2018-3730

mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path...

CVE-2018-3732

resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...

CVE-2018-3727

626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...

CVE-2018-3719

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...