漏洞描述
Joyent Node.js是美国Joyent公司的一套建立在Google V8JavaScript引擎之上的网络应用平台。该平台主要用于构建高度可伸缩的应用程序,以及编写能够处理数万条且同时连接到一个物理机的连接代码。</br>JoyentNode.js 8.6.0之前的8.5.0版本中存在安全漏洞。远程攻击者可利用该漏洞访问敏感文件。
Node.js 目录穿越漏洞(CVE-2017-14849)
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3744: Node.js st module Directory Traversal POC
2025-08-01 | Node.jsA directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attacker... -
CVE-2017-14849: Node.js <8.6.0 - Directory Traversal POC
2025-08-01 | Node.jsNode.js before 8.6.0 allows remote attackers to access unintended files because a change to "..... -
CVE-2021-21315: Node.JS System Information Library <5.3.1 - Remote Command Injection POC
2025-08-01 | Node.js System Information LibraryNode.JS System Information Library System before version 5.3.1 is susceptible to remote command inje... -
CVE-2017-1000028: GlassFish LFI POC
2025-09-01 | GlassFishGlassFish是一款强健的商业兼容应用服务器,达到产品级质量,可免费用于开发、部署和重新分发。开发者可以免费获得源代码,还可以对代码进行更改。GlassFish漏洞成因:java语义中会把&quo... -
CVE-2017-1000486: Primetek Primefaces 5.x - Remote Code Execution POC
2025-09-01 | Primetek PrimefacesPrimetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.