Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package droppy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2016-10529 — CVSS 8.8 (high): Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially…
CVE-2020-7757 — CVSS 6.5 (medium): This affects all versions of package droppy. It is possible to traverse directories to fetch configuration files from a droopy server.