buttle@0.1.0 vulnerabilities

Serve static files from cwd

Direct Vulnerabilities

Known vulnerabilities in the buttle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

buttle is a simple static file (+ markdown) server.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows to execute arbitrary code due to unsafe rendering of markdown files.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for buttle.

*
  • M
Cross-site Scripting (XSS)

buttle is a Serve static files from cwd.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. Due to lack of filenames sanitization, it is possible to inject a malicious iframe tag via filename and execute arbitray JavaScript code.

How to fix Cross-site Scripting (XSS)?

There is no fix version for buttle.

*
  • M
Cross-site Scripting (XSS)

buttle is a Serve static files from cwd.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. Due to lack of filenames sanitization, it is possible to inject a malicious iframe tag via filename and execute arbitray JavaScript code.

How to fix Cross-site Scripting (XSS)?

There is no fix version for buttle.

*
  • H
Directory Traversal

buttle is a Simple static file (+ markdown) server.

Affected versions of this package are vulnerable to Directory Traversal attacks. An attacker could read any file in the server.

How to fix Directory Traversal?

There is no fix version for buttle.

*
  • C
Arbitrary Command Injection

buttle is a Simple static file (+ markdown) server.

Affected versions of this package are vulnerable to Arbitrary Command Injection. When buttle is run with --php-bin option (to handle PHP), the PHP filename is not sanitized and allows to inject shell commands.

How to fix Arbitrary Command Injection?

There is no fix version for buttle.

*