buttle is a Simple static file (+ markdown) server.
Affected versions of this package are vulnerable to Arbitrary Command Injection. When
buttle is run with
--php-bin option (to handle PHP), the PHP filename is not sanitized and allows to inject shell commands.
There is no fix version for
Do your applications use this vulnerable package?
- Snyk ID
- 12 May, 2018
- 13 May, 2018