Homepage

http-live-simulator@1.0.7 vulnerabilities

HTTP Server that serves with random delay for live simulations

  • latest version

    1.0.8

  • first published

    6 years ago

  • latest version published

    5 years ago

  • licenses detected

  • View http-live-simulator package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the http-live-simulator package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Denial of Service (DoS)

    http-live-simulator is a simple http file server for local development written in Node.JS.

    Affected versions of this package are vulnerable to Denial of Service (DoS) while requesting a directory.

    How to fix Denial of Service (DoS)?

    A fix was pushed into the master branch but not yet published.

    *
    • H
    Denial of Service (DoS)

    http-live-simulator is a simple http file server for local development written in Node.JS.

    Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible to crash a server using the package due to the way URL parsing is handled when invalid directory paths are given.

    PoC by 3la2kb

    curl --path-as-is http://localhost:8080/../?a

    How to fix Denial of Service (DoS)?

    Upgrade http-live-simulator to version 1.0.8 or higher.

    >=1.0.7 <1.0.8
    Go back to all versions of this package