npm package
buttle
pkg:npm/buttle
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5422 | — | <= 0.2.0 | — | Apr 3, 2019 | XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. | ||
| CVE-2018-3766 | — | <= 0.2.0 | — | Jul 5, 2018 | Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. |
- CVE-2019-5422Apr 3, 2019affected <= 0.2.0
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
- CVE-2018-3766Jul 5, 2018affected <= 0.2.0
Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server.