CVE-2018-3717
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2018-3717
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3717.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-3717
- Aliases
- Downstream
- Published
- 2018-06-07T02:29:08Z
- Modified
- 2025-10-21T04:34:49.311062Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
- References
Affected packages
Git / github.com/senchalabs/connect
Affected ranges
- Type
- GIT
- Repo
- https://github.com/senchalabs/connect
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
0.0.6
0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.3.0
0.4.0
0.5.0
0.5.1
0.5.10
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.8.6
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.5.0
1.5.1
1.5.2
1.6.0
2.*
2.0.0
2.0.0alpha1
2.0.1
2.0.2
2.0.3
2.1.0
2.1.1
2.1.2
2.1.3
2.10.0
2.10.1
2.11.0
2.11.1
2.11.2
2.12.0
2.13.0
2.13.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.6.2
2.7.0
2.7.1
2.7.10
2.7.11
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8
2.7.9
2.8.0
2.8.1
2.8.2
2.8.3
2.8.4
2.8.5
2.8.7
2.8.8
2.9.0
2.9.1
2.9.2
Other
rm