Directory Traversal Affecting http-file-server package, versions *
Threat Intelligence
EPSS
0.13% (49th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-HTTPFILESERVER-451564
- published 10 Jul 2019
- disclosed 10 Jul 2019
- credit toannc123
Introduced: 10 Jul 2019
CVE-2019-5447 Open this link in a new tabHow to fix?
There is no fixed version for http-file-server
.
Overview
http-file-server is a Simple HTTP file server.
Affected versions of this package are vulnerable to Directory Traversal. The package does not properly sanitize URL paths, allowing an attacker to relatively traverse the filesystem.
References
CVSS Scores
version 3.1