Path Traversal in angular-http-server (GHSA-vmhw-fhj6-m3g5)

Description

Versions of angular-http-server before 1.4.4 are vulnerable to path traversal.

Recommendation

Update the angular-http-server package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.4
• Patched version(s): 1.4.4

References

• GHSA-vmhw-fhj6-m3g5
• hackerone.com
• www.npmjs.com
• CWE-22
• OWASP 2021-A1

Related Issues

• Path Traversal in angular-http-server - CVE-2018-3713
• static-server Path Traversal vulnerability - CVE-2023-26152
• Path Traversal in http-file-server - CVE-2019-5447
• Path Traversal in http-server-node - CVE-2021-23797

Tags:

npm

angular-http-server