Etherpad Security Vulnerabilities
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.
CVSS Score: 9.8; EPSS Score: 0.011; Published: 2018-04-07
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB).
CVSS Score: 8.1; EPSS Score: 0.011; Published: 2018-04-07
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
CVSS Score: 9.8; EPSS Score: 0.001; Published: 2018-02-08
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2018-01-12
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2017-09-07
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
CVSS Score: 7.5; EPSS Score: 0.038; Published: 2017-07-07

