npm package
crud-file-server
pkg:npm/crud-file-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-3726 | Med | 6.1 | < 0.8.0 | 0.8.0 | Jun 7, 2018 | crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | |
| CVE-2018-3733 | Hig | 7.5 | < 0.9.0 | 0.9.0 | May 29, 2018 | crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. |
- affected < 0.8.0fixed 0.8.0
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
- affected < 0.9.0fixed 0.9.0
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path.