cnvd-2018-11455
Vulnerability from cnvd
Title
inert node模块inert directory handler信息泄露漏洞
Description
inert node module是一个用于hapi.js的静态文件和目录处理程序。inert directory handler是其中的一个目录插入处理程序。 inert node模块1.1.1之前版本中的inert directory handler存在信息泄露漏洞。攻击者可利用该漏洞获取信息。
Severity
Patch Name
inert node模块inert directory handler信息泄露漏洞的补丁
Patch Description
inert node module是一个用于hapi.js的静态文件和目录处理程序。inert directory handler是其中的一个目录插入处理程序。 inert node模块1.1.1之前版本中的inert directory handler存在信息泄露漏洞。攻击者可利用该漏洞获取信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82

Reference
https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82
Impacted products
Name
inert node module inert node module <1.1.1
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-10068",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-10068"
    }
  },
  "description": "inert node module\u662f\u4e00\u4e2a\u7528\u4e8ehapi.js\u7684\u9759\u6001\u6587\u4ef6\u548c\u76ee\u5f55\u5904\u7406\u7a0b\u5e8f\u3002inert directory handler\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u76ee\u5f55\u63d2\u5165\u5904\u7406\u7a0b\u5e8f\u3002\r\n\r\ninert node\u6a21\u57571.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684inert directory handler\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11455",
  "openTime": "2018-06-13",
  "patchDescription": "inert node module\u662f\u4e00\u4e2a\u7528\u4e8ehapi.js\u7684\u9759\u6001\u6587\u4ef6\u548c\u76ee\u5f55\u5904\u7406\u7a0b\u5e8f\u3002inert directory handler\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u76ee\u5f55\u63d2\u5165\u5904\u7406\u7a0b\u5e8f\u3002\r\n\r\ninert node\u6a21\u57571.1.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684inert directory handler\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "inert node\u6a21\u5757inert directory handler\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "inert node module inert node module \u003c1.1.1"
  },
  "referenceLink": "https://github.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-11",
  "title": "inert node\u6a21\u5757inert directory handler\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.