Security Vulnerabilities - CVEs Published In June 2018
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-06-07
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVSS Score
8.8
EPSS Score
0.005
Published
2018-06-07
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
CVSS Score
6.1
EPSS Score
0.005
Published
2018-06-07
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-06-07
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07
resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.007
Published
2018-06-07