Description
All versions of simplehttpserver are vulnerable to Path Traversal.
This vulnerability allows an attacker to access files outside the webroot, because the server allows symlink navigation through the URL path.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.3.0
References
- GHSA-vwr2-wj63-86gr
- hackerone.com
- www.npmjs.com
- CVE-2018-16478
- CWE-22
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- Cross-Site Scripting in html-pages - CVE-2018-16481
- Cross-site scripting in Swagger-UI - CVE-2019-17495
- simplehttpserver allows directory traversal and file listing - CVE-2018-3787
- Path Traversal in http-server-node - CVE-2021-23797
Tags:
- npm
- simplehttpserver
Last updated on September 12, 2023