|
258201
|
7.5 |
HIGH
Network
|
string_project
|
string
|
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16116
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258202
|
7.5 |
HIGH
Network
|
timespan_project
|
timespan
|
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16115
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258203
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16114
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258204
|
7.5 |
HIGH
Network
|
parsejson_project
|
parsejson
|
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
|
CWE-20
Improper Input Validation
|
CVE-2017-16113
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258205
|
7.5 |
HIGH
Network
|
content_project
|
content
|
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16111
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258206
|
7.5 |
HIGH
Network
|
weather.swlyons_project
|
weather.swlyons
|
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16110
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258207
|
5.3 |
MEDIUM
Network
|
easyquick_project
|
easyquick
|
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to s…
|
CWE-22
Path Traversal
|
CVE-2017-16109
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258208
|
7.5 |
HIGH
Network
|
gaoxiaotingtingting_project
|
gaoxiaotingtingting
|
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16108
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258209
|
7.5 |
HIGH
Network
|
pooledwebsocket_project
|
pooledwebsocket
|
pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16107
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258210
|
7.5 |
HIGH
Network
|
tmock_project
|
tmock
|
tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16106
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
