Description
All versions of simplehttpserver are vulnerable to Path Traversal.
An attacker can access files outside the webroot because the server allows symlink navigation through the URL.
Recommendation
No fix is available yet. The following versions are affected:
- <= 0.3.0
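Since no fixed release exists, the containment check below is an added example, not code from simplehttpserver or from this advisory. It shows one way a Node.js static file handler can refuse requests whose path leaves the webroot through a symlink. The function names, directory layout and file contents are constructed for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when p is the root itself or lies beneath it.
const isInside = (root, p) => p === root || p.startsWith(root + path.sep);

// Returns the real on-disk path to serve, or null when the request must be refused.
function resolveInsideWebroot(webroot, urlPath) {
  try {
    const decoded = decodeURIComponent(urlPath.split('?')[0]);
    if (decoded.includes('\0')) return null;
    const rootReal = fs.realpathSync(webroot);
    // Lexical step: path.join normalises "..", then containment is checked.
    const candidate = path.join(rootReal, decoded);
    if (!isInside(rootReal, candidate)) return null;
    // Symlink step: realpathSync follows every link in the path, and the
    // resolved target must still be under the webroot.
    const real = fs.realpathSync(candidate);
    return isInside(rootReal, real) ? real : null;
  } catch {
    return null; // malformed percent-encoding, missing file or dangling link
  }
}

// Constructed fixture: a webroot holding one regular file and one symlink
// that points at a sibling directory outside it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'webroot-demo-'));
  const webroot = path.join(base, 'public');
  const outside = path.join(base, 'private');
  fs.mkdirSync(webroot);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(webroot, 'index.html'), '<h1>ok</h1>');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 'constructed secret');
  fs.symlinkSync(outside, path.join(webroot, 'link'), 'dir');
  const served = (p) => resolveInsideWebroot(webroot, p) !== null;
  const result = {
    regular: served('/index.html'),
    viaSymlink: served('/link/secret.txt'),
    dotDot: served('/../private/secret.txt'),
    // A purely lexical check accepts the symlinked path, which is the gap.
    lexicalOnly: isInside(webroot, path.join(webroot, '/link/secret.txt')),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}

console.log(demo());
```

The check and the later file open are separate steps, so the webroot should not be writable by untrusted users who could swap a path for a symlink in between.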
References
- GHSA-vwr2-wj63-86gr
- hackerone.com
- www.npmjs.com
- CVE-2018-16478
- CWE-22
- CAPEC-310
- OWASP 2021-A1
- OWASP 2021-A6
Related Issues
- simplehttpserver allows directory traversal and file listing - CVE-2018-3787
- Path Traversal in angular-http-server - CVE-2018-3713
- Path Traversal in crud-file-server - CVE-2018-3733
- Path Traversal in general-file-server - CVE-2018-3724
Tags
- npm
- simplehttpserver
Last updated on September 12, 2023