276 matches found
Path traversal
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path...
Path traversal
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path...
UBUNTU-CVE-2018-3717
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware...
Path traversal
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...
CVE-2018-3717
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware...
Code injection
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
Path traversal
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3718
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
CVE-2018-3723
CVE-2018-3723 affects defaults-deep prior to 0.2.4, enabling prototype pollution by abusing __proto__ to modify Object.prototype. This can lead to added or altered properties existing on all objects, with potential DoS and, in some cases, remote code execution as described in linked advisories. The i...
CVE-2018-3718
CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...
CVE-2018-3724
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path...
CVE-2018-3712
CVE-2018-3712 affects the Node.js package named “serve” and its static file serving behavior. Versions prior to 6.4.9 fail to properly filter the characters %2e (.) and %2f (/), allowing them in paths and enabling a path-traversal that can list directory contents. The core impact described across...
CVE-2018-3725
CVE-2018-3725 describes a path-traversal vulnerability in the Node.js module hekto. The issue arises from inadequate validation of the requested file path, allowing a remote attacker to read arbitrary files on a server running hekto (e.g., via crafted URLs with traversal sequences). Several conn...
CVE-2018-3725
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path...
CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3716
CVE-2018-3716 affects the simplehttpserver Node.js module. The vulnerability is a stored XSS in directory listings caused by lack of validation/sanitization of file names fed into HTML output. Exploitation requires an attacker-controlled filename in the listing; the XSS payload is reflected in th...
CVE-2018-3732
The CVE-2018-3732 issue affects the resolve-path Node.js module prior to version 1.4.0. It suffers from a path traversal vulnerability due to insufficient validation of certain special-character paths, enabling a malicious user to read contents of files at known paths. Public reports across NVD, ...
CVE-2018-3727
Summary: CVE-2018-3727 affects the 626 Node.js module. All versions are vulnerable to path traversal due to lack of validation of requested file paths, allowing a remote attacker to read arbitrary files on the server hosting the module. Several connected sources (GHSA, OSV, CNVD, CN) corroborate ...
CVE-2018-3721
CVE-2018-3721 relates to the lodash node module prior to 4.17.5, enabling a prototype pollution (MAID) vulnerability through defaultsDeep, merge, and mergeWith that could modify Object.prototype via __proto__. The provided IBM security bulletin corroborates the vulnerability details for this CVE and l...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...