Description
All versions of simplehttpserver are vulnerable to Path Traversal.
This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 0.3.0
References
- GHSA-vwr2-wj63-86gr
- hackerone.com
- www.npmjs.com
- CVE-2018-16478
- CWE-22
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- Path Traversal in html-pages - CVE-2018-3744
- Path Traversal in angular-http-server - CVE-2018-3713
- Path Traversal in general-file-server - CVE-2018-3724
- simplehttpserver allows directory traversal and file listing - CVE-2018-3787
You might also like:
- Tags:
- npm
- simplehttpserver
Anything's wrong? Let us know Last updated on September 12, 2023