CVE-2017-14849

Опубликовано: 28 сент. 2017

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Релиз	Статус	Примечание
devel	not-affected
esm-apps/xenial	not-affected
esm-infra-legacy/trusty	not-affected
precise/esm	DNE
trusty	not-affected
trusty/esm	not-affected
upstream	released	8.6.0
vivid/ubuntu-core	DNE
xenial	not-affected
zesty	not-affected

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-14849

CVSS3: 7.5

nvd

больше 7 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

CVE-2017-14849

CVSS3: 7.5

debian

больше 7 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...

GHSA-c5w2-4jcq-rvf5

CVSS3: 7.5

github

около 3 лет назад

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

SUSE-SU-2019:14246-1

suse-cvrf

больше 5 лет назад

Security update for Mozilla Firefox

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2017-14849

Описание

Пакет nodejs

Ссылки на источники

Связанные уязвимости