CVE-2015-8859

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

Ссылки

http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96435
Broken Link
Third Party Advisory
VDB Entry
https://nodesecurity.io/advisories/56
Broken Link
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/04/20/11
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/96435
Broken Link
Third Party Advisory
VDB Entry
https://nodesecurity.io/advisories/56
Broken Link
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:*

Версия до 0.11.1 (исключая)

EPSS

Процентиль: 40%

0.00184

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2015-8859

CVSS3: 5.3

ubuntu

около 9 лет назад

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

CVE-2015-8859

CVSS3: 5.3

debian

около 9 лет назад

The send package before 0.11.1 for Node.js allows attackers to obtain ...

GHSA-jgqf-hwc5-hh37

CVSS3: 5.3

github

больше 8 лет назад

Root Path Disclosure in send

EPSS

Процентиль: 40%

0.00184

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo