Description
All versions of simplehttpserver are vulnerable to Path Traversal.
This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.3.0
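A static file server avoids the symlink traversal described above by resolving symbolic links first and only then checking that the target is still inside the webroot. The following is an added example, not simplehttpserver's own code; `resolveInsideWebroot` and `buildDemoTree` are hypothetical names, and the directory tree is constructed for the demo.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Returns the real on-disk path for a request path, or null if it leaves the webroot.
function resolveInsideWebroot(webroot, requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;
  const rootReal = fs.realpathSync(webroot);
  // Lexical join only normalizes "../"; it does not see where symlinks point.
  const candidate = path.join(rootReal, decoded);
  let real;
  try {
    real = fs.realpathSync(candidate); // follows every symlink in the path
  } catch (e) {
    return null; // missing file or dangling link
  }
  const rel = path.relative(rootReal, real);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) return null;
  return real;
}

// Constructed fixture: a temp webroot containing a symlink that points outside it.
function buildDemoTree() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'webroot-demo-'));
  const webroot = path.join(base, 'public');
  const outside = path.join(base, 'private');
  fs.mkdirSync(webroot);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(webroot, 'index.html'), '<h1>ok</h1>');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'constructed sample');
  fs.symlinkSync(outside, path.join(webroot, 'link'), 'dir');
  return { base, webroot };
}

const demo = buildDemoTree();
for (const p of ['/index.html', '/link/secret.txt', '/../private/secret.txt']) {
  console.log(p, '->', resolveInsideWebroot(demo.webroot, p) ? 'serve' : 'reject');
}
fs.rmSync(demo.base, { recursive: true, force: true });
```

Serve the file from the returned real path rather than the original request path, so the path that was checked is the path that is opened.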
References
- GHSA-vwr2-wj63-86gr
- hackerone.com
- www.npmjs.com
- CVE-2018-16478
- CWE-22
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- DOMpurify has a nesting-based mXSS - CVE-2024-47875
- simplehttpserver allows directory traversal and file listing - CVE-2018-3787
- Cross-Site Scripting in html-pages - CVE-2018-16481
- Path Traversal in http-server-node - CVE-2021-23797
Tags
- npm
- simplehttpserver
Last updated on September 12, 2023