CVE-2018-3717
N/A
N/A
Summary
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | connect node module | Versions before 2.14.0 | affected |
Weaknesses
- CWE-79: Cross-site Scripting (XSS) - Generic (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
- https://hackerone.com/reports/309641
- https://hackerone.com/reports/309394
References
- https://github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
- https://hackerone.com/reports/309641
- https://hackerone.com/reports/309394
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.