buttle@0.3.1 vulnerabilities

Serve static files from cwd

Known vulnerabilities in the buttle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) buttle is a simple static file (+ markdown) server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows to execute arbitrary code due to unsafe rendering of markdown files. How to fix Cross-site Scripting (XSS)? There is no fixed version for `buttle`.	*
M Cross-site Scripting (XSS) `buttle` is a Serve static files from cwd. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. Due to lack of filenames sanitization, it is possible to inject a malicious iframe tag via filename and execute arbitray JavaScript code. How to fix Cross-site Scripting (XSS)? There is no fix version for `buttle`.	*
H Directory Traversal buttle is a Simple static file (+ markdown) server. Affected versions of this package are vulnerable to Directory Traversal attacks. An attacker could read any file in the server. How to fix Directory Traversal? There is no fix version for `buttle`.	*
C Arbitrary Command Injection buttle is a Simple static file (+ markdown) server. Affected versions of this package are vulnerable to Arbitrary Command Injection. When `buttle` is run with `--php-bin` option (to handle PHP), the PHP filename is not sanitized and allows to inject shell commands. How to fix Arbitrary Command Injection? There is no fix version for `buttle`.	*