http-live-simulator@1.0.2 vulnerabilities

HTTP Server that serves with random delay for live simulations

Direct Vulnerabilities

Known vulnerabilities in the http-live-simulator package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

http-live-simulator is a simple http file server for local development written in Node.JS.

Affected versions of this package are vulnerable to Denial of Service (DoS) while requesting a directory.

How to fix Denial of Service (DoS)?

A fix was pushed into the master branch but not yet published.

*
  • H
Directory Traversal

http-live-simulator is a simple http file server for local development written in Node.JS.

Affected versions of this package are vulnerable to Directory Traversal. An attacker could read arbitrary files from any location on disk.

Note This vulnerability is due to an incomplete fix in SNYK-JS-HTTPLIVESIMULATOR-72456

How to fix Directory Traversal?

Upgrade http-live-simulator to version 1.0.7 or higher.

<1.0.7
  • H
Directory Traversal

http-live-simulator is a HTTP Server that serves with random delay for live simulations.

Affected versions of this package are vulnerable to Directory Traversal attacks. It did not set a root directory and allowed any arbitrary paths to be accessed on the file system and returned to requesting clients.

How to fix Directory Traversal?

Upgrade http-live-simulator to version 1.0.6 or higher.

<1.0.6