NodeJS/inert/1.1.0

Static file and directory handlers plugin for hapi.js

https://www.npmjs.com/package/inert
BSD

2 Security Vulnerabilities

Hidden Directories Always Served in inert

Published date: 2020-08-31T22:47:41Z
CVE: CVE-2014-10068
Links:

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false.

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Recommendation

Update to version >= 1.1.1.

Affected versions: ["1.0.0", "1.1.0"]
Secure versions: [2.0.0, 1.1.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.2.0, 4.2.1, 5.0.0-rc1, 5.0.0-rc2, 5.0.0-rc4, 5.0.0-rc5, 5.0.0-rc7, 5.0.0-rc8, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3]
Recommendation: Update to version 5.1.3.

Hidden Directories Always Served

Published date: 2014-12-16
CVSS Score: 5.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Coordinating vendor: ^Lift Security
Links:

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Affected versions: ["1.0.0", "1.1.0"]
Secure versions: [2.0.0, 1.1.1, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.1.0, 4.2.0, 4.2.1, 5.0.0-rc1, 5.0.0-rc2, 5.0.0-rc4, 5.0.0-rc5, 5.0.0-rc7, 5.0.0-rc8, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.1.2, 5.1.3]
Recommendation: Update to version >= 1.1.1.

37 Other Versions

Version License Security Released
5.1.3 BSD-3-Clause 2019-04-02 - 21:40 about 5 years
5.1.2 BSD-3-Clause 2018-11-07 - 07:39 over 5 years
5.1.1 BSD-3-Clause 2018-11-01 - 08:08 over 5 years
5.1.0 BSD-3-Clause 2018-01-15 - 13:33 over 6 years
5.0.1 BSD-3-Clause 2017-11-03 - 23:58 over 6 years
5.0.0 BSD-3-Clause 2017-11-03 - 19:12 over 6 years
5.0.0-rc8 BSD-3-Clause 2017-10-18 - 09:29 over 6 years
5.0.0-rc7 BSD-3-Clause 2017-10-17 - 18:48 over 6 years
5.0.0-rc5 BSD-3-Clause 2017-10-07 - 09:36 over 6 years
5.0.0-rc4 BSD-3-Clause 2017-10-06 - 23:09 over 6 years
5.0.0-rc2 BSD-3-Clause 2017-10-03 - 09:03 over 6 years
5.0.0-rc1 BSD-3-Clause 2017-09-28 - 20:49 over 6 years
4.2.1 BSD-3-Clause 2017-07-22 - 21:43 almost 7 years
4.2.0 BSD-3-Clause 2017-04-03 - 11:34 about 7 years
4.1.0 BSD-3-Clause 2016-12-27 - 20:32 over 7 years
4.0.4 BSD-3-Clause 2016-12-22 - 00:00 over 7 years
4.0.3 BSD-3-Clause 2016-11-29 - 02:54 over 7 years
4.0.2 BSD-3-Clause 2016-08-23 - 11:43 over 7 years
4.0.1 BSD-3-Clause 2016-07-06 - 15:36 almost 8 years
4.0.0 BSD-3-Clause 2016-05-09 - 10:39 almost 8 years
3.2.1 BSD-3-Clause 2016-05-04 - 09:52 almost 8 years
3.2.0 BSD-3-Clause 2015-10-24 - 12:08 over 8 years
3.1.0 BSD-3-Clause 2015-10-06 - 10:17 over 8 years
3.0.2 BSD-3-Clause 2015-10-02 - 13:22 over 8 years
3.0.1 BSD-3-Clause 2015-08-12 - 12:19 over 8 years
3.0.0 BSD-3-Clause 2015-08-08 - 00:40 over 8 years
2.1.6 BSD-3-Clause 2015-07-06 - 11:25 almost 9 years
2.1.5 BSD-3-Clause 2015-05-21 - 17:07 almost 9 years
2.1.4 BSD 2015-03-10 - 07:20 about 9 years
2.1.3 BSD 2015-02-09 - 07:44 about 9 years
2.1.2 BSD 2015-01-26 - 17:35 about 9 years
2.1.1 BSD 2015-01-23 - 09:27 over 9 years
2.1.0 BSD 2015-01-12 - 09:54 over 9 years
2.0.0 BSD 2014-12-09 - 22:54 over 9 years
1.1.1 BSD 2014-12-10 - 13:39 over 9 years
1.1.0 BSD 2 2014-10-22 - 08:08 over 9 years
1.0.0 BSD 2 2014-10-09 - 22:39 over 9 years