2 matches found
CVE-2018-3766
The CVE-2018-3766 issue affects the buttle module for Node.js, where versions
CVE-2019-5422
The buttle npm package (version 0.2.0) is vulnerable to Cross-Site Scripting (XSS) due to lack of filename sanitization, enabling attacker-controlled JavaScript in the victim’s browser when files with malicious names are processed by the server. Multiple sources (npm advisory, GitHub/GHSA, CNVD, ...