http-live-simulator@1.0.7 vulnerabilities

HTTP Server that serves with random delay for live simulations

Direct Vulnerabilities

Known vulnerabilities in the http-live-simulator package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability (severity M): Denial of Service (DoS)

http-live-simulator is a simple HTTP file server for local development written in Node.js.

Affected versions of this package are vulnerable to Denial of Service (DoS) when a directory is requested.

How to fix Denial of Service (DoS)?

A fix was pushed into the master branch but has not yet been published.

Vulnerable versions: *
Vulnerability (severity H): Denial of Service (DoS)

http-live-simulator is a simple HTTP file server for local development written in Node.js.

Affected versions of this package are vulnerable to Denial of Service (DoS). It is possible to crash a server using the package due to the way URL parsing is handled when invalid directory paths are given.

PoC by 3la2kb

curl --path-as-is http://localhost:8080/../?a

How to fix Denial of Service (DoS)?

Upgrade http-live-simulator to version 1.0.8 or higher.

Vulnerable versions: >=1.0.7 <1.0.8