Описание
Path Traversal in http-file-server
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
http-file-server
npm
Затронутые версииВерсия исправления
Отсутствует
Связанные уязвимости
CVSS3: 5.3
nvd
больше 6 лет назад
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.