11 matches found
EUVD-2019-0646
Malware in sbrugna...
CVE-2019-5480
A path traversal vulnerability in = v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders...
Path Traversal
Overview All versions of statichttpserver are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a...
Path Traversal in statichttpserver
All versions of statichttpserver are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is ma...
GHSA-2J5X-56P6-HJ6X Path Traversal in statichttpserver
All versions of statichttpserver are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is ma...
CVE-2019-5480
A path traversal vulnerability in = v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders...
CVE-2019-5480
A path traversal vulnerability in = v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders...
Path traversal
A path traversal vulnerability in = v0.9.7 of statichttpserver npm module allows attackers to list files in arbitrary folders...
CVE-2019-5480
CVE-2019-5480 applies to statichttpserver (npm) up to version 0.9.7. The vulnerability is a path traversal flaw where the server builds a file path from the URL (e.g., using ../), allowing an attacker to list files outside the web root. Public disclosures (GitHub advisory, OSV, Red Hat) confirm t...
Directory Traversal
statichttpserver is vulnerable to directory traversal. The attack is possible because it does not validate the path name of URL and directly use it for web root. An attacker providing a path name ../ is allowed to list the chosen folder...
Node.js third-party modules: [statichttpserver] List any file in the folder by using path traversal.
I would like to report Path Traversal in statichttpserver. It allows to list any file in another folder of web root. Module module name: statichttpserver version: 0.9.7 npm page: https://www.npmjs.com/package/statichttpserver Module Description 'statichttpserver' is inspired by SimpleHTTPServer.p...