Цей документ може бути застарілим, в порівнянні з оригінальною англійською версією документації.
Node.js vulnerabilities directly affect Express. Therefore keep a watch on Node.js vulnerabilities and make sure you are using the latest stable version of Node.js.
The list below enumerates the Express vulnerabilities that were fixed in the specified version update.
NOTE: If you believe you have discovered a security vulnerability in Express, please see Security Policies and Procedures.
express.static
, res.sendfile
, and res.sendFile
express.static
(advisory, CVE-2015-1164).express.static
(advisory , CVE-2014-6394).fd
s in certain situations that affect express.static
and res.sendfile
. Malicious requests could cause fd
s to leak and eventually lead to EMFILE
errors and server unresponsiveness.Express 3.x IS NO LONGER MAINTAINED
Known and unknown security issues in 3.x have not been addressed since the last update (1 August, 2015). Using the 3.x line should not be considered secure.
express.static
, res.sendfile
, and res.sendFile
express.static
(advisory, CVE-2015-1164).express.static
.fd
s in certain situations that affect express.static
and res.sendfile
. Malicious requests could cause fd
s to leak and eventually lead to EMFILE
errors and server unresponsiveness.