Описание
Path Traversal in simplehttpserver
All versions of simplehttpserver are vulnerable to Path Traversal.
This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
Recommendation
No fix is currently available. Do not use simplehttpserver in production or consider using an alternative module until a fix is made available.
Пакеты
Наименование
simplehttpserver
npm
Затронутые версииВерсия исправления
<= 0.3.0
Отсутствует
Связанные уязвимости
CVSS3: 5.3
nvd
около 7 лет назад
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.