
39 matches found

OSV
added 2026/06/23 12:59 p.m., 5 views

JLSEC-2026-612 Path traversal in the HTTP.jl static file server via separator/absolute path segments

Description: The static file server decoded the request path, split it on /, and rejected only segments exactly equal to "." or "..". Because URL-decoding ran before the / split, an encoded backslash %5c, a Windows drive specifier C:..., or a UNC prefix \host\share survived inside a single segment and...

6 AI score
Exploits 0, References 2
OSSF Malicious Packages
added 2026/06/19 5:10 a.m., 14 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9 AI score
Exploits 0, References 4
IBM Security Bulletins
added 2026/01/15 3:56 a.m., 7 views

Security Bulletin: Improper Drive Name Handling in Node.js path.join on Windows, affect watsonx.data

Summary A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root...

5.6 CVSS, 6.6 AI score, 0.01404 EPSS
Exploits 1, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2007-1574

Malware in sbrugna...

6.3 CVSS, 6.4 AI score, 0.02403 EPSS
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2006-3483

Malware in sbrugna...

5 CVSS, 6.4 AI score, 0.01175 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-3886

Malicious code in bioql PyPI...

9.8 CVSS, 7.9 AI score, 0.0434 EPSS
Exploits 0, References 8
RedhatCVE
added 2025/05/22 9:5 p.m., 5 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 7.2 AI score, 0.0434 EPSS
Exploits 0
RedhatCVE
added 2025/05/21 8:23 p.m., 6 views

CVE-2006-3488

Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim...

5 CVSS, 7.3 AI score, 0.01175 EPSS
Exploits 0, References 1
OSV
added 2025/02/08 12:33 p.m., 3 views

OESA-2025-1091 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

5.6 CVSS, 6.7 AI score, 0.01404 EPSS
Exploits 1, References 3
OSV
added 2025/01/30 7:20 p.m., 8 views

BIT-NODE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6 CVSS, 5.5 AI score, 0.01404 EPSS
Exploits 1, References 4
OSV
added 2025/01/30 7:20 p.m., 13 views

BIT-NODE-MIN-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6 CVSS, 5.5 AI score, 0.01404 EPSS
Exploits 1, References 4
NVD
added 2025/01/28 5:15 a.m., 17 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6 CVSS, 0.01404 EPSS
Exploits 1, References 3
Cvelist
added 2025/01/28 4:35 a.m., 22 views

CVE-2025-23084

A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...

5.6 CVSS, 0.01404 EPSS
Exploits 1, References 1
CNNVD
added 2025/01/28 12:0 a.m., 4 views

Node.js Security Vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js that stems from certain Node.js functions not treating drive names as special paths on Windows...

5.6 CVSS, 5.7 AI score, 0.01404 EPSS
Exploits 1, References 5
SUSE CVE
added 2023/02/15 3:37 a.m., 3 views

SUSE CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 8.2 AI score, 0.0434 EPSS
Exploits 0, References 11
OSV
added 2022/05/24 7:18 p.m., 5 views

GHSA-G4RG-993R-MGX7 Improper Neutralization of Special Elements used in a Command in Shell-quote

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 7.2 AI score, 0.0434 EPSS
Exploits 0, References 5
Github Security Blog
added 2022/05/24 7:18 p.m., 413 views

Improper Neutralization of Special Elements used in a Command in Shell-quote

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 9.6 AI score, 0.0434 EPSS
Exploits 0, References 5, Affected Software 1
OSV
added 2022/05/24 4:51 p.m., 2 views

GHSA-J544-7Q9P-6XP8 Pallets Werkzeug vulnerable to Path Traversal

In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names such as C: in Windows pathnames...

7.5 CVSS, 7.2 AI score, 0.55526 EPSS
Exploits 7, References 4
OSV
added 2021/10/21 3:15 p.m., 2 views

DEBIAN-CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 7.8 AI score, 0.0434 EPSS
Exploits 0, References 1
OSV
added 2021/10/21 3:15 p.m., 7 views

CVE-2021-42740

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec, an...

9.8 CVSS, 9.7 AI score
Exploits 0, References 3