@vivaxy/here@3.1.0 vulnerabilities
local static server
-
latest version
3.4.1
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
3 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the @vivaxy/here package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@vivaxy/here is a small web server that serves files with the process' working directory acting as the web root. Affected versions of this package are vulnerable to Directory Traversal. Files on the local file system which exist outside of the web root may be disclosed to an attacker. This could include confidential files. PoC:
How to fix Directory Traversal? Upgrade |
<3.2.2
|