1
Candidate: CVE-2014-6393
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6393
6
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does
7
not provide a charset field in HTTP Content-Type headers in 400 level
8
responses, which might allow remote attackers to conduct cross-site
9
scripting (XSS) attacks via characters in a non-standard encoding.
18
upstream_node-express: needs-triage
19
lucid_node-express: DNE
20
precise_node-express: DNE
21
precise/esm_node-express: DNE
22
trusty_node-express: needed
23
utopic_node-express: ignored (reached end-of-life)
24
vivid_node-express: ignored (reached end-of-life)
25
vivid/stable-phone-overlay_node-express: DNE
26
vivid/ubuntu-core_node-express: DNE
27
wily_node-express: ignored (reached end-of-life)
28
xenial_node-express: needed
29
yakkety_node-express: ignored (reached end-of-life)
30
zesty_node-express: ignored (reached end-of-life)
31
artful_node-express: needed
32
bionic_node-express: needed
33
devel_node-express: needed