book-cli (=1.2.0) potentially affected by CVE-2017-16152 via static-html-server (=0.1.2)

static-html-server NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on static-html-server and may be impacted: - book-cli =1.2.0 Source cves: CVE-2017-16152 Source advisory: OSV:GHSA-9J5M-873F-XH76...

Directory Traversal in static-html-server

Affected versions of static-html-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

Directory Traversal

static-html-server is vulnerable to directory traversal attacks. These attacks are possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information...

static-html-server directory traversal vulnerability

static-html-server is a static file server. A directory traversal vulnerability exists in static-html-server. An attacker can exploit this vulnerability by placing a '... /' sequence in a URL to gain access to the file system...

CVE-2017-16152

static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

Directory traversal

static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVE-2017-16152

CVE-2017-16152 affects the static-html-server static file server. The connected documents describe a directory traversal vulnerability triggered by URL paths containing ../, which can allow an attacker to access files outside the intended directory root and disclose private files. PoC examples ar...