2019-09-09 19:15:14 2019-10-10 01:50:56

Seneca < 3.9.0 contains a vulnerability that could lead to exposing environment variables to unauthorized users.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE
Senecajs Seneca 0.4.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.4.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.4.4 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.4 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.5 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.6 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.7 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.8 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.9 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.10 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.11 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.12 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.13 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.14 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.15 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.16 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.17 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.17.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.18 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.19 Rc1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.20 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.5.21 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.6.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.6.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.6.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.6.4 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.6.5 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.7.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.7.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.7.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.8.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.9.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.9.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.9.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 0.9.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 1.0.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 1.1.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 1.2.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 1.3.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 1.4.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 2.0.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 2.0.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 2.1.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.0.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.1.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.2.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.2.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.2.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.3.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.4.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.4.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.4.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.4.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.5.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.6.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.7.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.0 Rc0 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.0 Rc1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.0 Rc2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.1 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.2 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.3 ~~~node.js~~ (not an official CPE) Senecajs Seneca 3.8.4 ~~~node.js~~ (not an official CPE)
Advisory Patch Confirmed Link
https://hackerone.com/reports/526258