Description
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
No fix is available yet. Followings are affected versions:
- < 0.2.6
References
Related Issues
- Firebase vulnerable to CRSF attack - CVE-2024-4128
- Cube API denial of service attack - CVE-2023-50709
- Prototype Pollution in protobufjs - CVE-2022-25878
- Cross-Site Scripting in highcharts - Vulnerability
- Tags:
- npm
- http-file-server
Anything's wrong? Let us know Last updated on February 03, 2023