Public.js Project: >> Public.js >> 0.1.2 Security Vulnerabilities
The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-07-03
public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-06-07