GHSA-vwr2-wj63-86gr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vwr2-wj63-86gr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-vwr2-wj63-86gr/GHSA-vwr2-wj63-86gr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vwr2-wj63-86gr
- Aliases
-
- CVE-2018-16478
- Published
- 2018-12-06T15:49:10Z
- Modified
- 2023-11-08T04:00:00.251385Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Path Traversal in simplehttpserver
- Details
-
All versions of
simplehttpserverare vulnerable to Path Traversal.This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL.
Recommendation
No fix is currently available. Do not use
simplehttpserverin production or consider using an alternative module until a fix is made available. - Database specific
{ "github_reviewed_at": "2020-06-16T21:58:36Z", "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": null, "cwe_ids": [ "CWE-22" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-16478
- https://hackerone.com/reports/403703
- https://github.com/advisories/GHSA-vwr2-wj63-86gr
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/484.json
- https://github.com/tikonen/blog/tree/master/simplehttpserver
- https://www.npmjs.com/advisories/744
Affected packages
npm / simplehttpserver
Package
- Name
- simplehttpserver
- View open source insights on deps.dev
- Purl
- pkg:npm/simplehttpserver