Cross-Site Scripting Vulnerability in Buttle npm Package by npm
CVE-2019-5422

6.1 MEDIUM

Key Information:

Vendor: Npm, Inc.

Status
Vendor
CVE Published: 3 April 2019

What is CVE-2019-5422?

The Buttle npm package version 0.2.0 contains a vulnerability that allows attackers to execute arbitrary code in a victim's browser. This occurs when an attacker successfully creates an arbitrary file on the server, leading to compromised web applications and exposing users to malicious scripts. Proper validation and sanitization measures are critical to mitigate this issue.

Affected Version(s)

buttle 0.2.0

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
