updated names
parent
f9982cf3b6
commit
a5d22b8684
|
@ -1,7 +1,7 @@
|
|||
id: express-lfr
|
||||
|
||||
info:
|
||||
name: Express LFR
|
||||
name: Express - Local File Read
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: generic-path-traversal
|
||||
|
||||
info:
|
||||
name: Generic Path Traversal
|
||||
name: Generic - Path Traversal
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: tar-path-overwrite
|
||||
id: tar-extraction
|
||||
|
||||
info:
|
||||
name: Tar Path Overwrite
|
||||
name: Path Injection Vulnerability in TAR Extraction
|
||||
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
|
||||
severity: info
|
||||
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
|
||||
|
|
Loading…
Reference in New Issue