CVE-2017-14849

Опубликовано: 28 сент. 2017

Источник: debian

EPSS Высокий

Описание

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nodejs	not-affected			package

Примечания

https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
https://twitter.com/nodejs/status/913131152868876288

EPSS

Процентиль: 99%

0.88735

Высокий

Связанные уязвимости

CVE-2017-14849

CVSS3: 7.5

ubuntu

около 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

CVE-2017-14849

CVSS3: 7.5

nvd

около 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

GHSA-c5w2-4jcq-rvf5

CVSS3: 7.5

github

больше 3 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

SUSE-SU-2019:14246-1

suse-cvrf

почти 6 лет назад

Security update for Mozilla Firefox

EPSS

Процентиль: 99%

0.88735

Высокий