Description
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.0.2
References
Related Issues
- Path Traversal in http-file-server - CVE-2019-5447
- Path Traversal in angular-http-server - CVE-2018-3713
- Path Traversal in node-red-contrib-huemagic - CVE-2021-25864
- Path traversal in url-parse - CVE-2021-27515
- Tags:
- npm
- http-server-node
Anything's wrong? Let us know Last updated on September 11, 2023