Описание
Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd.
Recommendation
Upgrade to version 1.0.7
Пакеты
Наименование
http-live-simulator
npm
Затронутые версииВерсия исправления
< 1.0.7
1.0.7
Связанные уязвимости
CVSS3: 7.5
nvd
около 7 лет назад
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.