jfhbrook/node-ecstatic

jfhbrook/node-ecstatic

Releases50

Frequency1 month 4 weeks

Last Release about 6 years ago

Stars974

A static file server middleware that works with core http, express or on the CLI!

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2015-9241 ↗	May 29, 2018Tuesday, 29 May 2018, 20:29	—	5 MEDIUM
Certain input passed into the If-Modified-Since or Last-Modified headers will cause an 'illegal access' exception to be raised. Instead of sending a HTTP 500 error back to the sender, hapi node module before 11.1.3 will continue to hold the socket open until timed out (default node timeout is 2 minutes).
CVE-2015-9242 ↗	May 29, 2018Tuesday, 29 May 2018, 20:29	—	5 MEDIUM
Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.
CVE-2016-10703 ↗	Dec 14, 2017Thursday, 14 December 2017, 19:29	7.5 HIGH	7.8 HIGH
A regular expression Denial of Service (DoS) vulnerability in the file lib/ecstatic.js of the ecstatic npm package, before version 2.0.0, allows a remote attacker to overload and crash a server by passing a maliciously crafted string.