Description
The @vivaxy/here module is a small web server that serves files with the process’ working directory acting as the web root.
It is vulnerable to a directory traversal attack.
This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files.
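The containment check that prevents this class of bug in a static file server, shown beside the unsafe pattern. This is an added example, not code from @vivaxy/here or its patch; the function names, the `/srv/www` root and the sample requests are assumptions made for illustration.

```javascript
// Added illustration; not taken from @vivaxy/here. Names are hypothetical.
const path = require("path");

// Vulnerable pattern: the request path is joined to the web root and used
// as-is, so ".." segments walk out of the root.
function naiveResolve(webRoot, urlPath) {
  return path.join(webRoot, decodeURIComponent(urlPath));
}

// Hardened pattern: decode once, resolve to an absolute path, then verify the
// result is still inside the web root before touching the file system.
function safeResolve(webRoot, urlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(urlPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0")) return null; // NUL byte in path

  const root = path.resolve(webRoot);
  const target = path.resolve(root, "." + path.sep + decoded);
  const rel = path.relative(root, target);
  const escapes =
    rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  return escapes ? null : target;
}

// Constructed sample requests against a constructed web root.
const WEB_ROOT = path.resolve("/srv/www");
const SAMPLES = [
  "/index.html",
  "/../../etc/passwd",
  "/%2e%2e/%2e%2e/etc/passwd",
  "/css/../index.html",
  "/%E0%A4%A",
];

function checkSamples() {
  return SAMPLES.map((p) => ({ request: p, served: safeResolve(WEB_ROOT, p) }));
}

for (const r of checkSamples()) {
  console.log(r.request, "->", r.served === null ? "rejected" : r.served);
}
```

The check is lexical only: a symbolic link inside the web root that points outside it still needs a `fs.realpath` comparison before the file is served.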
Recommendation
Update the @vivaxy/here package to the latest compatible version. Version details:
- Affected version(s): <= 3.2.1
- Patched version(s): 3.2.2
References
Related Issues
- Stimulsoft Dashboard.JS directory traversal vulnerability - CVE-2024-24398
- Directory Traversal vulnerability in serve-lite - CVE-2022-21192
- Directory Traversal - Vulnerability
- Directory Traversal in node-simple-router - CVE-2017-16083
- Tags:
- npm
- @vivaxy/here
Last updated on January 09, 2023