25 matches found
EUVD-2023-0493
Malicious code in bioql PyPI...
EUVD-2023-0343
Malicious code in bioql PyPI...
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
Cross-site Scripting (XSS)
serve-lite is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the main function in server.js renders the listing file with all of its contents with links that include the actual file names without any sanitization or output encoding, allowing an attacker to inject and...
Directory Traversal
serve-lite is vulnerable to Directory Traversal. The vulnerability is due to a lack of input sanitization in the req.url parameter which is passed as-is to the path.join function, allowing a remote attacker to access system files and retrieve confidential information via malicious input...
GHSA-5QQ4-M6C3-XXMF Directory Traversal vulnerability in serve-lite
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
Directory Traversal vulnerability in serve-lite
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
Cross-site Scripting (XSS) in serve-lite
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
GHSA-J8X7-QCW4-XX85 Cross-site Scripting (XSS) in serve-lite
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
Cross site scripting
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
Directory traversal
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
serve-lite Cross-Site Scripting Vulnerability
serve-lite is a lightweight http server for static file-based web development. A security vulnerability exists in serve-lite that stems from presenting file listings without cleaning or escaping them when a request for a directory is received...
serve-lite Path Traversal Vulnerability
serve-lite is a lightweight http server for static file-based web development. A security vulnerability exists in serve-lite that stems from a lack of input cleanup or other checks and protections and a directory traversal vulnerability...
CVE-2022-21192
CVE-2022-21192 affects the lightweight HTTP server package serve-lite. The vulnerability is a Directory Traversal caused by missing input sanitization of the request URL, which is passed as-is to path.join(), enabling access to files outside the intended directory. Affects all versions prior to ...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
CVE-2022-25847
CVE-2022-25847 affects the serve-lite package. The root cause is that when a request targets a directory, the server renders a file listing with links that include actual file names without sanitization or output encoding, enabling Cross-site Scripting (XSS) via crafted filenames. Affected: all v...
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...