CVE-2015-8860
CVE-2015-8860 affects the tar module used with Node.js, where a symlink attack in an archive could allow a local attacker to overwrite arbitrary files. The vulnerability exists in tar package versions before 2.0.0; successful exploitation requires handling of symbolic links during extraction. Rem...
CVE-2014-9772
CVE-2014-9772 concerns the validator package for Node.js. Affected versions are prior to 2.0.0, where the built-in XSS filter can be bypassed using hex-encoded characters, which may enable script execution in contexts that rely on the validator’s XSS pr...