Description
Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.
Recommendation
Update the simplehttpserver package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.2.1
- Patched version(s): 0.2.1
References
Related Issues
- SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory - CVE-2026-34522
- Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory - CVE-2026-30848
- Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read - CVE-2026-40163
- MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 - CVE-2025-67898
You might also like:
- Tags:
- npm
- simplehttpserver
Anything's wrong? Let us know Last updated on September 12, 2023