dy-server2@0.1.1 vulnerabilities

a simple static server.

Direct Vulnerabilities

Known vulnerabilities in the dy-server2 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Cross-site Scripting (XSS)

dy-server2 is a lightweight http server that can be used for file transfer and front-end project preview.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An unknown component of this library is vulnerable to stored XSS attacks. This is demonstrated with the following PoC.

PoC

  1. Install package from npm: npm i -g dy-server2
  2. Create folder or file with name: <img src=x onerror=alert(1)>
  3. Start server: dy-server2 -p 8888
  4. Open website and the code will execute

How to fix Cross-site Scripting (XSS)?

There is no fixed version for dy-server2.

*