Описание
Directory Traversal in hostr
Affected versions of hostr are vulnerable to directory traversal which allows attackers to read files outside the current directory by sending ../ in the url path for GET requests.
Recommendation
Upgrade to version 2.3.6 or later.
Пакеты
Наименование
hostr
npm
Затронутые версииВерсия исправления
<= 2.3.5
2.3.6
Связанные уязвимости
CVSS3: 7.5
nvd
больше 7 лет назад
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.