VYPR

Exxxxxxxxxxx Node Module

by Hackerone

CVEs (3)

  • CVE-2017-16130HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxxxxxxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to those with a file extension. Files with no…

  • CVE-2017-16024MedJun 4, 2018
    risk 0.42cvss 6.5epss 0.03

    The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain…

  • CVE-2017-16222MedJun 7, 2018
    risk 0.35cvss 5.3epss 0.02

    elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to files with a file extension. Sending a GET request to…