GHSA-649c-x44h-4q7v

Опубликовано: 07 фев. 2019

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Tnantoka/public XSS Vulnerability

A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2018-16480
https://hackerone.com/reports/329950
https://github.com/advisories/GHSA-649c-x44h-4q7v
https://www.npmjs.com/package/public

Пакеты

Наименование

public

npm

Затронутые версииВерсия исправления

< 0.1.4

0.1.4

EPSS

Процентиль: 36%

0.0015

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-16480

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-16480

CVSS3: 6.1

nvd

около 7 лет назад

A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

EPSS

Процентиль: 36%

0.0015

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-16480

Дефекты

CWE-79