3 vulnerabilities found for restify by restify
FKIE_CVE-2017-16018
Vulnerability from fkie_nvd - Published: 2018-06-04 19:29 - Updated: 2024-11-21 03:15
Severity ?
Summary
Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, an attacker can use URL-encoded script tags in a non-existent URL to get script to run in some browsers.
References
| Source | URL | Tags |
|---|---|---|
| support@hackerone.com | https://github.com/restify/node-restify/issues/1018 | Exploit, Issue Tracking, Third Party Advisory |
| support@hackerone.com | https://nodesecurity.io/advisories/314 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/restify/node-restify/issues/1018 | Exploit, Issue Tracking, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://nodesecurity.io/advisories/314 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:restify:restify:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "40114976-C843-4E4D-A040-569D2540D814",
"versionEndIncluding": "4.0.4",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Restify is a framework for building REST APIs. Restify \u003e=2.0.0 \u003c=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
},
{
"lang": "es",
"value": "Restify es un framework para construir API REST. Restify desde la versi\u00f3n 2.0.0 hasta la 4.0.4 (ambas incluidas), al emplear etiquetas de script cifradas de URL en una URL que no existe, un atacante puede conseguir ejecutar scripts en algunos navegadores."
}
],
"id": "CVE-2017-16018",
"lastModified": "2024-11-21T03:15:40.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-04T19:29:01.147",
"references": [
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/restify/node-restify/issues/1018"
},
{
"source": "support@hackerone.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/restify/node-restify/issues/1018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nodesecurity.io/advisories/314"
}
],
"sourceIdentifier": "support@hackerone.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "support@hackerone.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-16018 (GCVE-0-2017-16018)
Vulnerability from cvelistv5 – Published: 2018-06-04 19:00 – Updated: 2024-09-16 17:54
Summary
Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, an attacker can use URL-encoded script tags in a non-existent URL to get script to run in some browsers.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic (CWE-79)
Assigner
References
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/314 | x_refsource_MISC |
| https://github.com/restify/node-restify/issues/1018 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HackerOne | restify node module | Affected: >=2.0.0 <=4.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:06.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/314"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/restify/node-restify/issues/1018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "restify node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003e=2.0.0 \u003c=4.0.4"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Restify is a framework for building REST APIs. Restify \u003e=2.0.0 \u003c=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-04T18:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/314"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/restify/node-restify/issues/1018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "restify node module",
"version": {
"version_data": [
{
"version_value": "\u003e=2.0.0 \u003c=4.0.4"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Restify is a framework for building REST APIs. Restify \u003e=2.0.0 \u003c=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/314",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/314"
},
{
"name": "https://github.com/restify/node-restify/issues/1018",
"refsource": "MISC",
"url": "https://github.com/restify/node-restify/issues/1018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16018",
"datePublished": "2018-06-04T19:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T17:54:46.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16018 (GCVE-0-2017-16018)
Vulnerability from nvd – Published: 2018-06-04 19:00 – Updated: 2024-09-16 17:54
Summary
Restify is a framework for building REST APIs. In Restify >=2.0.0 <=4.0.4, an attacker can use URL-encoded script tags in a non-existent URL to get script to run in some browsers.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS) - Generic (CWE-79)
Assigner
References
| URL | Tags |
|---|---|
| https://nodesecurity.io/advisories/314 | x_refsource_MISC |
| https://github.com/restify/node-restify/issues/1018 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| HackerOne | restify node module | Affected: >=2.0.0 <=4.0.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:13:06.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/314"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/restify/node-restify/issues/1018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "restify node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "\u003e=2.0.0 \u003c=4.0.4"
}
]
}
],
"datePublic": "2018-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Restify is a framework for building REST APIs. Restify \u003e=2.0.0 \u003c=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site Scripting (XSS) - Generic (CWE-79)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-04T18:57:01",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nodesecurity.io/advisories/314"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/restify/node-restify/issues/1018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "restify node module",
"version": {
"version_data": [
{
"version_value": "\u003e=2.0.0 \u003c=4.0.4"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Restify is a framework for building REST APIs. Restify \u003e=2.0.0 \u003c=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/314",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/314"
},
{
"name": "https://github.com/restify/node-restify/issues/1018",
"refsource": "MISC",
"url": "https://github.com/restify/node-restify/issues/1018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2017-16018",
"datePublished": "2018-06-04T19:00:00Z",
"dateReserved": "2017-10-29T00:00:00",
"dateUpdated": "2024-09-16T17:54:46.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}