Опубликовано: 07 июн. 2018
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 3.5
CVSS3: 5.4
Описание
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 3.4.1-1 |
| devel | not-affected | |
| esm-apps/bionic | not-affected | 3.4.1-1 |
| esm-apps/focal | not-affected | |
| esm-apps/jammy | not-affected | |
| esm-apps/xenial | not-affected | 3.3.0-1 |
| esm-infra-legacy/trusty | DNE | |
| focal | not-affected | |
| groovy | not-affected | |
| hirsute | not-affected |
Показывать по
10
EPSS
Процентиль: 56%
0.00332
Низкий
3.5 Low
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.4
redhat
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 5.4
nvd
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 5.4
debian
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting ...
EPSS
Процентиль: 56%
0.00332
Низкий
3.5 Low
CVSS2
5.4 Medium
CVSS3