3 matches found
@github1/protractor-axe-html-report-plugin (>=1.1.2 <=1.1.3), protractor-axe-html-report-plugin (>=0.0.1 <=1.1.1) +1 more potentially affected by CVE-2020-36629 via httpster (=1.0.3)
httpster NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on httpster and may be impacted: - @github1/protractor-axe-html-report-plugin =1.1.2, =0.0.1, =1.0.0, =2.1.0 Source cves: CVE-2020-36629 Source advisory: OSV:GHSA-P8J8-WXVP-H695...
CVE-2020-36629 SimbCo httpster server.coffee fs.realpathSync path traversal
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is...
CVE-2020-36629
CVE-2020-36629 affects SimbCo httpster (fs.realpathSync in src/server.coffee), enabling path traversal. Exploit has been disclosed publicly. Patch d3055b3e30b40b65d30c5a06d6e053dffa7f35d0 is available and should be applied to fix. CVSSv3.1 base score 7.5 (HIGH) per NVD.