CVE-2018-3717

Published
View on NVD ↗
CVSS v3
5.4
MEDIUM
CVSS v2
3.5
LOW
Affected
1
PROJECT

Description

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.

senchalabs/connect
senchalabs/connect
Connect is an extensible HTTP server framework for node using "plugins" known as middleware.
GitHubGitHub
9.89K