hfs@0.49.0-beta8 vulnerabilities

HTTP File Server

  • latest version

    0.57.11

  • latest non-vulnerable version

  • first published

    13 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the hfs package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Use of Web Link to Untrusted Target with window.opener Access

    hfs is an HTTP File Server

    Affected versions of this package are vulnerable to Use of Web Link to Untrusted Target with window.opener Access via the openFileMenu function in the fileMenu.ts file. An attacker can manipulate the content of the original browser tab by exploiting the window.opener property after a user clicks a crafted external link, potentially leading to credential theft or exposure of sensitive information.

    Note: This is only exploitable if users access the application using outdated browsers that do not mitigate this issue at the browser level.

    How to fix Use of Web Link to Untrusted Target with window.opener Access?

    Upgrade hfs to version 0.57.10-beta1 or higher.

    Vulnerable versions: <0.57.10-beta1
    • C
    OS Command Injection

    hfs is an HTTP File Server

    Affected versions of this package are vulnerable to OS Command Injection via the improper use of execSync instead of spawnSync for executing shell commands.

    How to fix OS Command Injection?

    Upgrade hfs to version 0.52.10 or higher.

    Vulnerable versions: <0.52.10
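
The execSync versus spawnSync difference named in the OS Command Injection entry, shown as an added example. This is not hfs code (the page does not show the affected call); it assumes a POSIX shell, and the function names and the sample file name are constructed for illustration.

```javascript
const { execSync, spawnSync } = require('child_process');

// Harmless child program: prints the arguments it actually received, as JSON.
const PRINT_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Constructed sample input: a file name containing a shell metacharacter.
const CONSTRUCTED_NAME = 'report.txt; echo INJECTED';

// Vulnerable pattern: execSync hands one string to a shell, so the shell
// parses the file name and treats ';' as a command separator.
function runWithExecSync(fileName) {
  const cmd = `"${process.execPath}" -e '${PRINT_ARGV}' ${fileName}`;
  return execSync(cmd, { encoding: 'utf8' }).trim().split('\n');
}

// Hardened pattern: spawnSync takes the program and an argument array and,
// with the default shell: false, starts it without a shell. The file name
// reaches the child as a single argv entry. Passing { shell: true } would
// bring the shell parsing back.
function runWithSpawnSync(fileName) {
  const res = spawnSync(process.execPath, ['-e', PRINT_ARGV, fileName], { encoding: 'utf8' });
  if (res.error) throw res.error;
  if (res.status !== 0) throw new Error(`child exited with ${res.status}: ${res.stderr}`);
  return res.stdout.trim().split('\n');
}

console.log('execSync :', runWithExecSync(CONSTRUCTED_NAME));
console.log('spawnSync:', runWithSpawnSync(CONSTRUCTED_NAME));
```

With execSync the output has a second line produced by the shell running the text after the semicolon; with spawnSync the child reports the whole string as one argument.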