simplehttpserver allows directory traversal and file listing

Description

Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.

Recommendation

Update the simplehttpserver package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.2.1
• Patched version(s): 0.2.1

References

• GHSA-gpvj-q7fp-jcch
• hackerone.com
• CVE-2018-3787
• CWE-22
• CAPEC-310
• OWASP 2021-A1
• OWASP 2021-A6

Related Issues

• Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory - CVE-2026-30848
• Path Traversal in simplehttpserver - CVE-2018-16478
• Path Traversal in general-file-server - CVE-2018-3724
• Path Traversal in crud-file-server - CVE-2018-3733

Tags:

npm

simplehttpserver