[Pkg-javascript-devel] Bug#744374: node-connect: methodOverride middleware reflected cross-site scripting
Paul Wise
pabs at debian.org
Sun Apr 13 13:27:24 UTC 2014
Package: node-connect
Severity: serious
Tags: security fixed-upstream
The Node Security Project discovered an XSS vulnerability in the node
connect module, please fix this bug by upgrading node-connect.
Vulnerable: <=2.8.0
Patched: >=2.8.1
Report: https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
Upstream bug report: https://github.com/senchalabs/connect/issues/831
First fix: https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135
Second fix: https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a
--
bye,
pabs
http://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20140413/d251ab88/attachment.sig>
More information about the Pkg-javascript-devel
mailing list