CVE-2019-5422 · Vexday

CVE-2019-5422

EPSS 1.2%CWE-79

XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.

Affected products

Npm, Inc. · buttle

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://hackerone.com/reports/331110