Search for packages
| purl | pkg:npm/connect@1.4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-a96c-xts2-suaq
Aliases: CVE-2013-7370 GHSA-3fw8-66wf-pr7m |
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware |
Affected by 2 other vulnerabilities. |
|
VCID-db52-aadj-cfg5
Aliases: CVE-2013-7371 GHSA-6w62-83g6-rfhj |
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-qw3z-8hc5-9feq
Aliases: CVE-2018-3717 GHSA-rch9-xh7r-mqgw |
Cross-Site Scripting in connect |
Affected by 0 other vulnerabilities. |
|
VCID-u1e4-9vsb-23fp
Aliases: GMS-2013-13 |
Cross-Site Scripting with connect.methodOverride() The middleware overwrites req.method with the req.body['_method'] value. When you don't catch the error it responds with a default error msg: "Cannot [METHOD] [URL]" . Because this is not enough sanitized, you can force a Cross-Site Scripting in the response. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-12T18:06:50.028655+00:00 | GitLab Importer | Affected by | VCID-db52-aadj-cfg5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/connect/CVE-2013-7371.yml | 38.6.0 |
| 2026-06-12T17:24:15.699427+00:00 | GitLab Importer | Affected by | VCID-a96c-xts2-suaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/connect/CVE-2013-7370.yml | 38.6.0 |
| 2026-06-12T17:00:30.298338+00:00 | GitLab Importer | Affected by | VCID-qw3z-8hc5-9feq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/connect/CVE-2018-3717.yml | 38.6.0 |
| 2026-06-12T16:46:36.049211+00:00 | GitLab Importer | Affected by | VCID-u1e4-9vsb-23fp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/connect/GMS-2013-13.yml | 38.6.0 |