The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution. Date published : 2018-06-06 https://github.com/substack/static-eval/pull/18 https://maustin.net/articles/2017-10/static_eval
aegir is a module to help automate JavaScript project management. Version 12.0.0 through and including 12.0.7 bundled and published to npm the user (that performed a aegir-release) GitHub token. Date published : 2018-06-06 https://nodesecurity.io/advisories/546
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result...
nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/nodeaaaaa https://nodesecurity.io/advisories/446
elding is a simple web server. elding is vulnerable to a directory traversal issue, allowing an attacker to access the filesystem by placing "../" in the url. The files accessible, however, are limited to...
yzt is a simple file server. yzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yzt https://nodesecurity.io/advisories/416
wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/wind-mvc https://nodesecurity.io/advisories/417
yttivy is a static file server. yttivy is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/yttivy https://nodesecurity.io/advisories/441
dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/dgard8.lab6 https://nodesecurity.io/advisories/444
fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06...
tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tencent-server https://nodesecurity.io/advisories/418
sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/sgqserve https://nodesecurity.io/advisories/419
peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/peiserver https://nodesecurity.io/advisories/420
mfrserver is a simple file server. mfrserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Date published : 2018-06-06 https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/mfrserver https://nodesecurity.io/advisories/421