
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential information from the buffer/tmp file, while it exists.

References:
https://cwe.mitre.org/data/definitions/377.html
https://github.com/gvarsanyi/sync-exec/issues/17
https://nodesecurity.io/advisories/310
https://www.owasp.org/index.php/Insecure_Temporary_File

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-377: Insecure Temporary File

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.

References:
http://www.openwall.com/lists/oss-security/2014/05/13/1
http://www.openwall.com/lists/oss-security/2014/05/15/2
http://www.securityfocus.com/bid/67389
https://github.com/isaacs/st
https://nodesecurity.io/advisories/st_directory_traversal

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

node 0.3.2 and URONode before 1.0.5r3 allow remote attackers to cause a denial of service (bandwidth consumption).

References:
http://www.openwall.com/lists/oss-security/2015/04/06/3
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777013
https://bugzilla.redhat.com/show_bug.cgi?id=1209781
https://support.f5.com/csp/article/K64462543?utm_source=f5support&utm_medium=RSS

CWE-399: Resource Management Errors

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.

References:
http://www.openwall.com/lists/oss-security/2016/04/20/11
https://nodesecurity.io/advisories/41

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

References:
http://www.openwall.com/lists/oss-security/2016/04/20/11
https://nodesecurity.io/advisories/57

CWE-59: Improper Link Resolution Before File Access ('Link Following')