Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-14849

Опубликовано: 28 сент. 2017
Источник: debian

Описание

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nodejsnot-affectedpackage

Примечания

  • https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/

  • https://twitter.com/nodejs/status/913131152868876288

Связанные уязвимости

ubuntu логотип

CVE-2017-14849

CVSS3: 7.5
ubuntu
больше 7 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

nvd логотип

CVE-2017-14849

CVSS3: 7.5
nvd
больше 7 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

github логотип

GHSA-c5w2-4jcq-rvf5

CVSS3: 7.5
github
около 3 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

suse-cvrf логотип

SUSE-SU-2019:14246-1

suse-cvrf
больше 5 лет назад

Security update for Mozilla Firefox