npm package
public
pkg:npm/public
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16480 | — | < 0.1.4 | 0.1.4 | Feb 1, 2019 | A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering. | ||
| CVE-2018-3747 | — | < 0.1.4 | 0.1.4 | Jul 3, 2018 | The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. | ||
| CVE-2018-3731 | — | < 0.1.3 | 0.1.3 | Jun 7, 2018 | public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. |
- CVE-2018-16480Feb 1, 2019affected < 0.1.4fixed 0.1.4
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
- CVE-2018-3747Jul 3, 2018affected < 0.1.4fixed 0.1.4
The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.
- CVE-2018-3731Jun 7, 2018affected < 0.1.3fixed 0.1.3
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.