VYPR

Fbr Client Node Module

by Hackerone

CVEs (3)

  • CVE-2017-16217HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.02

    fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2016-10536MedMay 31, 2018
    risk 0.31cvss 5.9epss 0.01

    engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is…

  • CVE-2016-10538LowMay 31, 2018
    risk 0.23cvss 3.5epss 0.01

    The package `node-cli` before 1.0.0 insecurely uses the lock_file and log_file. Both of these are temporary, but it allows the starting user to overwrite any file they have access to.