Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

fresh

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2017-16119
Assigner-HackerOne
ShareView Details
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.04%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.

Action-Not Available
Vendor-fresh_projectHackerOne
Product-freshfresh node module
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2013-1779
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-2.1||LOW
EPSS-0.20% / 42.35%
||
7 Day CHG~0.00%
Published-27 Mar, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-devsarann/aThe Drupal Association
Product-drupalfreshn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')