Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cjItd2o2My04Nmdy
Path Traversal in simplehttpserver
All versions of simplehttpserver are vulnerable to Path Traversal.
This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
Recommendation
No fix is currently available. Do not use simplehttpserver in production or consider using an alternative module until a fix is made available.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cjItd2o2My04Nmdy
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: 8 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-vwr2-wj63-86gr, CVE-2018-16478
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-16478
- https://hackerone.com/reports/403703
- https://github.com/advisories/GHSA-vwr2-wj63-86gr
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/484.json
- https://www.npmjs.com/advisories/744
Affected Packages
npm:simplehttpserver
Dependent packages: 10Dependent repositories: 52
Downloads: 1,532 last month
Affected Version Ranges: <= 0.3.0
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.3.0