simplehttpserver allows directory traversal and file listing

Description

Path traversal in simplehttpserver <v0.2.1 allows listing any file on the server.

Recommendation

Update the simplehttpserver package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.2.1
• Patched version(s): 0.2.1

References

• GHSA-gpvj-q7fp-jcch
• hackerone.com
• CVE-2018-3787
• CWE-22
• CAPEC-310
• OWASP 2021-A1
• OWASP 2021-A6

Related Issues

• Path Traversal in simplehttpserver - CVE-2018-16478
• MJML allows mj-include directory traversal due to an incomplete fix for CVE-2020-12827 - CVE-2025-67898
• Path Traversal in crud-file-server - CVE-2018-3733
• Path Traversal in general-file-server - CVE-2018-3724

Tags:

npm

simplehttpserver