Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-14849

Опубликовано: 28 сент. 2017
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Критический

Описание

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.90232
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVSS3: 7.5
ubuntu
почти 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

CVSS3: 7.5
debian
почти 8 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...

CVSS3: 7.5
github
около 3 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

suse-cvrf
больше 5 лет назад

Security update for Mozilla Firefox

EPSS

Процентиль: 100%
0.90232
Критический

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-22