A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.
References
Link | Resource |
---|---|
https://hackerone.com/reports/570133 | Exploit Patch Third Party Advisory |
Configurations
Information
Published : 2019-07-15 11:15
Updated : 2023-02-02 18:21
NVD link : CVE-2019-5447
Mitre link : CVE-2019-5447
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
http-file-server_project
- http-file-server