daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2017/CVE-2017-14849.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-09 12:28:11 -04:00
parent b2486517e7
commit ce27319df4
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cves/2017/CVE-2017-14849.yaml
View File

@ -1,14 +1,14 @@
id: CVE-2017-14849 id: CVE-2017-14849
info: info:
name: Node.js 8.5.0 >=< 8.6.0 Directory Traversal name: Node.js <8.6.0 - Directory Traversal
author: Random_Robbie author: Random_Robbie
severity: high severity: high
description: Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules. description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules.
reference: reference:
- https://twitter.com/nodejs/status/913131152868876288 - https://twitter.com/nodejs/status/913131152868876288
- https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
- http://www.securityfocus.com/bid/101056 - https://nvd.nist.gov/vuln/detail/CVE-2017-14849
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -29,3 +29,5 @@ requests:
regex: regex:
- "root:.*:0:0:" - "root:.*:0:0:"
part: body part: body
# Enhanced by mp on 2022/06/09