CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-14849

Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.902

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/101056
https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
https://twitter.com/nodejs/status/913131152868876288
http://www.securityfocus.com/bid/101056
https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
https://twitter.com/nodejs/status/913131152868876288

Products affected by CVE-2017-14849

Nodejs » Node.js » Version: 8.5.0

cpe:2.3:a:nodejs:node.js:8.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14849

Products

Pricing

Contact Us