3 matches found
h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +4 more potentially affected by CVE-2018-16478 via simplehttpserver (>=0.0.6 <=0.2.1)
simplehttpserver NPM version =0.0.6, =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-16478 Source advisory: OSV:GHSA-VWR2-WJ63-86GR...
CVE-2018-16478
CVE-2018-16478 affects the Python-like HTTP server module simplehttpserver , version ≤ 0.2.1. The root cause is a path traversal vulnerability that allows a URL to navigate via symlinks, enabling an attacker to list files outside the web root (information disclosure). Documented impact: informati...
CVE-2018-16478
A Path Traversal in simplehttpserver versions =0.2.1 allows to list any file in another folder of web root...