CVE-2018-3717

Name of the Vulnerable Software and Affected Versions connect node module versions prior to 2.14.0

Description The issue is related to a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of a file in the directory.js middleware. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions prior to 2.14.0, update to version 2.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory.js middleware until a patch is available.