|
253041
|
7.5 |
HIGH
Network
|
datachannel-client_project
|
datachannel-client
|
datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in t…
|
CWE-22
Path Traversal
|
CVE-2017-16121
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253042
|
7.5 |
HIGH
Network
|
liyujing_project
|
liyujing
|
liyujing is a static file server. liyujing is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16120
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253043
|
7.5 |
HIGH
Network
|
fresh_project
|
fresh
|
Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16119
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253044
|
7.5 |
HIGH
Network
|
forwarded_project
|
forwarded
|
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to p…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16118
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253045
|
7.5 |
HIGH
Network
|
slug_project
|
slug
|
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k charac…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16117
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253046
|
7.5 |
HIGH
Network
|
string_project
|
string
|
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16116
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253047
|
7.5 |
HIGH
Network
|
timespan_project
|
timespan
|
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16115
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253048
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16114
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253049
|
7.5 |
HIGH
Network
|
parsejson_project
|
parsejson
|
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
|
CWE-20
Improper Input Validation
|
CVE-2017-16113
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253050
|
7.5 |
HIGH
Network
|
content_project
|
content
|
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16111
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
