Description
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
No fix is available yet. Followings are affected versions:
- < 0.2.6
References
Related Issues
- Cross-Site Scripting in http-file-server - CVE-2019-5458
- Path Traversal in crud-file-server - CVE-2018-3733
- Path Traversal in general-file-server - CVE-2018-3724
- Path Traversal in angular-http-server - CVE-2018-3713
- Tags:
- npm
- http-file-server
Anything's wrong? Let us know Last updated on February 03, 2023