m-server
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting m-serverpage 1 of 1
- CVE-2018-16484MEDIUMCVSS 5.4EG 5.4✓ Fixed in 1.4.22019-02-01
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.
- CVE-2018-16485MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.4.12019-02-01
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.
Check whether m-server is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for m-server CVEs against the assets you own.
Start Free Scan →