VDB
CVE-2017-14849
CVE-2017-14849
PUBLISHED
Reported by mitre · Published September 28, 2017
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was incompatible with the pathname validation used by unspecified community modules.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Exploit Intelligence
- Nuclei Template: CVE-2017-14849 (nuclei-template)
- Nuclei Template: CVE-2017-14849 (nuclei-template)
- Nuclei Template: CVE-2017-14849 (nuclei-template)
- Nuclei Template: CVE-2017-14849 (nuclei-template)
- Nuclei Template: CVE-2017-14849 (nuclei-template)
Timeline
- Sep 28, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Dec 17, 2024 EPSS Score
- Feb 4, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 2, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
References
- x_refsource_CONFIRM
- 101056 vdb-entryx_refsource_BID
- x_refsource_CONFIRM