22 matches found
EUVD-2019-0251
Malware in sbrugna...
EUVD-2019-0400
Malware in sbrugna...
GHSA-XGP2-CC4R-7VF6 Denial of Service in http-live-simulator
Versions of http-live-simulator prior to 1.0.8 are vulnerable to Denial of Service. The package fails to catch an exception that causes the Node process to crash, effectively shutting down the server. This allows an attacker to send an HTTP request that crashes the server. Recommendation Upgrade ...
Denial of Service in http-live-simulator
Versions of http-live-simulator prior to 1.0.8 are vulnerable to Denial of Service. The package fails to catch an exception that causes the Node process to crash, effectively shutting down the server. This allows an attacker to send an HTTP request that crashes the server. Recommendation Upgrade ...
Denial Of Service (DoS)
http-live-simulator is vulnerable to denial of service. A remote attacker is able to crash the server by requesting the URL http://localhost:8080/../?a. The vulnerability exists due to a previous fix to prevent directory traversal, which causes the pathname to become an empty string and results i...
Denial of Service
Overview Versions of http-live-simulator prior to 1.0.8 are vulnerable to Denial of Service. The package fails to catch an exception that causes the Node process to crash, effectively shutting down the server. This allows an attacker to send an HTTP request that crashes the server. Recommendation...
Node.js third-party modules: Application level denial of service due to shutting down the server
Module module name: http-live-simulator version: 1.0.7 npm page: https://www.npmjs.com/package/http-live-simulator Description I've found a way to crash the server due to the way it parses URL Steps To Reproduce: 1- Install the module : npm install -g http-live-simulator 2- Run the server :...
GHSA-2HHW-P8MG-JRM6 Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.0.6...
Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.0.6...
Directory Traversal
http-live-simulator is vulnerable to directory traversal. The http-live-simulator module does not validate the URL pathname and allows remote attacker to retrieve arbitrary system files using the ../ charatcers...
Path Traversal
Overview Versions of http-live-simulator prior to 1.0.6 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation Upgrade to version 1.0.6 References - HackerOne Report - GitHub Advisory...
CVE-2019-5423
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker...
Path traversal
Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker...
CVE-2019-5423
CVE-2019-5423 concerns the http-live-simulator npm package (v1.0.5) with a path traversal vulnerability caused by insufficient input sanitization. The vulnerability allows a remote attacker to access arbitrary files on the server by manipulating the requested path. Multiple connected sources (Git...
GHSA-7C9W-QMRQ-FF8R Path Traversal in http-live-simulator
Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation Upgrade to version 1.0.7...
CVE-2018-16479
Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...
Path traversal
Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...
CVE-2018-16479
Path traversal vulnerability in http-live-simulator 1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL...
CVE-2018-16479
CVE-2018-16479 affects the package http-live-simulator (versions before 1.0.7). The root cause is insufficient input sanitization in the pathname, allowing a path traversal attack by appending extra slashes after the URL, which can lead to unauthorized access to arbitrary files on disk. Public ad...
Directory Traversal
http-live-simulator is vulnerable to directory traversal attacks. The vulnerable exists due to the lack of sanitization on the value of pathname, allowing directory traversal attacks...