Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1ajgtcG03NS01djh4
Path Traversal in simplehttpserver
Versions of simplehttpserver prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.
Recommendation
Upgrade to version 0.2.1 or later.
Permalink: https://github.com/advisories/GHSA-45j8-pm75-5v8xJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1ajgtcG03NS01djh4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 5 years ago
Updated: over 1 year ago
Identifiers: GHSA-45j8-pm75-5v8x, CVE-2018-16493
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16493
- https://hackerone.com/reports/432600
- https://github.com/advisories/GHSA-45j8-pm75-5v8x
- https://www.npmjs.com/advisories/967
- https://hackerone.com/reports/357109
- https://www.npmjs.com/advisories/968
Affected Packages
npm:static-resource-server
Dependent packages: 0Dependent repositories: 1
Downloads: 11 last month
Affected Version Ranges: <= 1.7.2
No known fixed version
All affected versions: 1.0.1, 1.1.1, 1.2.1, 1.3.1, 1.4.1, 1.5.1, 1.6.1, 1.6.2, 1.7.2