GHSA-m8fw-534v-xm85

Опубликовано: 04 июн. 2019

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting (XSS) in cloudcmd

Versions of cloudcmd before 9.1.6 are vulnerable to cross-site scripting (XSS) when listing files in a directory. The attacker must control the name of a file for this vulnerability to be exploitable.

Recommendation

Update to version 9.1.6 or later.

Ссылки

https://github.com/coderaiser/cloudcmd/commit/23f4d4702cd3d473977285f26ea2ae7206b45f38
https://hackerone.com/reports/341044
https://hackerone.com/reports/341044)
https://www.npmjs.com/advisories/642

Пакеты

Наименование

cloudcmd

npm

Затронутые версииВерсия исправления

< 9.1.6

9.1.6

Дефекты

CWE-79

Дефекты

CWE-79