VYPR

npm package

connect

pkg:npm/connect

Vulnerabilities (3)

  • CVE-2013-7371Dec 11, 2019
    affected < 2.8.2fixed 2.8.2

    node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

  • CVE-2013-7370Dec 11, 2019
    affected < 2.8.1fixed 2.8.1

    node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

  • CVE-2018-3717Jun 7, 2018
    affected < 2.14.0fixed 2.14.0

    connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.