Package: node-connect
Severity: serious
Tags: security fixed-upstream

The Node Security Project discovered an XSS vulnerability in the node
connect module, please fix this bug by upgrading node-connect.

Vulnerable: <=2.8.0
Patched: >=2.8.1
Report: 
https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting
Upstream bug report: https://github.com/senchalabs/connect/issues/831
First fix: 
https://github.com/senchalabs/connect/commit/277e5aad6a95d00f55571a9a0e11f2fa190d8135
Second fix: 
https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to