Описание
Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.
Recommendation
Upgrade to version 0.2.1 or later.
Пакеты
Наименование
static-resource-server
npm
Затронутые версииВерсия исправления
<= 1.7.2
Отсутствует
Связанные уязвимости
CVSS3: 7.5
nvd
около 7 лет назад
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.