|
252291
|
7.5 |
HIGH
Network
|
forwarded_project
|
forwarded
|
The forwarded module is used by the Express.js framework to handle the X-Forwarded-For header. It is vulnerable to a regular expression denial of service when it's passed specially crafted input to p…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16118
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252292
|
7.5 |
HIGH
Network
|
slug_project
|
slug
|
slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially crafted untrusted input is passed as input. About 50k charac…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16117
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252293
|
7.5 |
HIGH
Network
|
string_project
|
string
|
The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service when specifically crafted untrusted user input is passed i…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16116
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252294
|
7.5 |
HIGH
Network
|
timespan_project
|
timespan
|
The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16115
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252295
|
7.5 |
HIGH
Network
|
marked_project
|
marked
|
The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16114
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252296
|
7.5 |
HIGH
Network
|
parsejson_project
|
parsejson
|
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
|
CWE-20
Improper Input Validation
|
CVE-2017-16113
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252297
|
7.5 |
HIGH
Network
|
content_project
|
content
|
The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2017-16111
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252298
|
7.5 |
HIGH
Network
|
weather.swlyons_project
|
weather.swlyons
|
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16110
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252299
|
5.3 |
MEDIUM
Network
|
easyquick_project
|
easyquick
|
easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to s…
|
CWE-22
Path Traversal
|
CVE-2017-16109
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252300
|
7.5 |
HIGH
Network
|
gaoxiaotingtingting_project
|
gaoxiaotingtingting
|
gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16108
|
2024-11-21 12:15 |
2018-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
