Page Contents

The following pages are tagged with

TitleExcerpt
Security advisory 03-10-2017 Security risk: Medium-high Vulnerability: loopback-component-storage to directory traversal attack Description A security leak exposing loopback-component-storage to directory traversal attack. The component was exposed to a vulnerability where an attacker could use a command to retrieve the content of the server.js file of a LoopBack application and...
Security advisory 09-21-2017 Security risk: Medium Vulnerability: Remote Memory Exposure Description Remote memory exposure in nano@6.3.0. Nano was using package follow that has 2 packages with reported node security vulnerability. Packages are: request@2.55.0 hawk@2.3.1 Our module loopback-connector-couchdb2 use the affected versions. Also, loopback-connector-cloudant use couchdb2...
Security advisory 10-24-2017 Security risk: Medium Vulnerability: Multi-user password reset exploit Description When multiple User models were deployed it was possible for a resetToken for UserA to be used to reset the password for UserB or vice-versa. See issue for more details. Reported by GitHub user