Browse all 4 CVE security advisories affecting pillarjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pillarjs is a JavaScript framework for building modular web applications and APIs, emphasizing flexibility and composability. Historically, it has been susceptible to remote code execution (RCE) and cross-site scripting (XSS) vulnerabilities, often stemming from improper input validation and insecure middleware handling. While no major public security incidents have been widely documented, the four CVEs on record highlight recurring issues in request parsing and template rendering. Its lightweight nature and extensive middleware ecosystem introduce potential attack surfaces, particularly when third-party packages are integrated without proper vetting. Developers should prioritize input sanitization and dependency management to mitigate risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-52798 | path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x | path-to-regexp | CWE-1333 | 5.3 | - | 2024-12-05 |
| CVE-2024-43799 | send vulnerable to template injection that can lead to XSS | send | CWE-79 | 5.0 | Medium | 2024-09-10 |
| CVE-2024-45296 | path-to-regexp outputs backtracking regular expressions | path-to-regexp | CWE-1333 | 7.5 | High | 2024-09-09 |
| CVE-2021-32822 | File disclosure in hbs | hbs | CWE-538 | 4.0 | Medium | 2021-08-16 |

This page lists every published CVE security advisory associated with pillarjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.