http-live-simulator@1.0.3 vulnerabilities

HTTP Server that serves with random delay for live simulations

latest version

1.0.8
first published

6 years ago
latest version published

5 years ago
licenses detected
- MIT
  >=0
View http-live-simulator package health on Snyk Advisor Open this link in a new tab

Known vulnerabilities in the http-live-simulator package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Denial of Service (DoS) http-live-simulator is a simple http file server for local development written in Node.JS. Affected versions of this package are vulnerable to Denial of Service (DoS) while requesting a directory. How to fix Denial of Service (DoS)? A fix was pushed into the `master` branch but not yet published.	*
H Directory Traversal http-live-simulator is a simple http file server for local development written in Node.JS. Affected versions of this package are vulnerable to Directory Traversal. An attacker could read arbitrary files from any location on disk. Note This vulnerability is due to an incomplete fix in SNYK-JS-HTTPLIVESIMULATOR-72456 How to fix Directory Traversal? Upgrade `http-live-simulator` to version 1.0.7 or higher.	<1.0.7
H Directory Traversal `http-live-simulator` is a HTTP Server that serves with random delay for live simulations. Affected versions of this package are vulnerable to Directory Traversal attacks. It did not set a root directory and allowed any arbitrary paths to be accessed on the file system and returned to requesting clients. How to fix Directory Traversal? Upgrade `http-live-simulator` to version 1.0.6 or higher.	<1.0.6