CVE-2018-3717
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-3717
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3717.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-3717
- Aliases
- Related
- Published
- 2018-06-07T02:29:08Z
- Modified
- 2025-07-01T23:43:10.679338Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
- References
Affected packages
Debian:11 / node-connect
Package
- Name
- node-connect
- Purl
- pkg:deb/debian/node-connect?arch=source
Debian:12 / node-connect
Package
- Name
- node-connect
- Purl
- pkg:deb/debian/node-connect?arch=source
Debian:13 / node-connect
Package
- Name
- node-connect
- Purl
- pkg:deb/debian/node-connect?arch=source
Git / github.com/senchalabs/connect
Affected ranges
- Type
- GIT
- Repo
- https://github.com/senchalabs/connect
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.3.0
0.4.0
0.5.0
0.5.1
0.5.10
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.8.6
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.6.0
2.*
2.0.0
2.0.0alpha1
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.1.2
2.1.3
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.13.0
2.13.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.6.2
2.7.0
2.7.1
2.7.10
2.7.11
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.7
2.8.8
2.9.0
2.9.1
2.9.2
Other
rm