Описание
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | nodejs-connect | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1588799nodejs-connect: XSS due to a lack of validation of file in directory.js middleware
EPSS
Процентиль: 56%
0.00332
Низкий
6.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 5.4
nvd
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 5.4
debian
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting ...
EPSS
Процентиль: 56%
0.00332
Низкий
6.4 Medium
CVSS3