simplehttpserver@0.0.6 vulnerabilities

Simple HTTP Server for static files. Intended as a testing and development tool.

Direct Vulnerabilities

Known vulnerabilities in the simplehttpserver package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Directory Traversal

simplehttpserver is a simple imitation of Python's SimpleHTTPServer and is intended for testing, development and debugging purposes.

Affected versions of this package are vulnerable to Directory Traversal attacks. A malicious user could list files in the folder. This might expose vectors for attacking the system with Remote Code Execution, reveal files containing usernames and passwords, and open many other possibilities.

How to fix Directory Traversal?

There is no fix version for simplehttpserver.

*
  • H
Directory Traversal

simplehttpserver is a simple imitation of Python's SimpleHTTPServer and is intended for testing, development and debugging purposes.

Affected versions of this package are vulnerable to Directory Traversal. It takes the path name from a URL and appends it to the web root. A malicious user could list the files in the folder.

How to fix Directory Traversal?

Upgrade simplehttpserver to version 0.2.1 or higher.

<0.2.1
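
The pattern described in the entry above (request path name joined onto the web root), shown beside a contained version. This is an added example, not simplehttpserver's own code; the function names `naiveResolve` and `safeResolve`, the web root `/srv/www` and the sample request targets are assumptions constructed for illustration.

```javascript
const path = require('path');

// Pattern from the advisory: decode the path name and join it to the web root.
// path.join() normalizes ".." segments, so the result can leave the root.
function naiveResolve(webRoot, requestTarget) {
  const pathname = decodeURIComponent(requestTarget.split('?')[0]);
  return path.join(webRoot, pathname);
}

// Contained version: resolve the candidate, then verify it is still under the
// root. Returns the absolute path to serve, or null if the request is rejected.
function safeResolve(webRoot, requestTarget) {
  let pathname;
  try {
    pathname = decodeURIComponent(requestTarget.split('?')[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null; // NUL bytes never belong in a path

  const root = path.resolve(webRoot);
  // Prefix with "." so a leading "/" cannot make the path absolute.
  const candidate = path.resolve(root, '.' + path.sep + pathname);
  const rel = path.relative(root, candidate);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null; // resolved location is outside the web root
  }
  // This check is lexical only: symlinks inside the root still need an
  // fs.realpath() comparison before the file is opened.
  return candidate;
}

// Constructed sample request targets, not taken from the advisory.
const samples = [
  '/index.html',
  '/docs/../index.html?x=1',
  '/../../etc/passwd',
  '/..%2f..%2fetc/passwd',
];
for (const target of samples) {
  console.log(target, '->', naiveResolve('/srv/www', target), '|',
    safeResolve('/srv/www', target));
}
```
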
  • C
Cross-site Scripting (XSS)

simplehttpserver is a simple imitation of Python's SimpleHTTPServer and is intended for testing, development and debugging purposes.

Affected versions of this package are vulnerable to Cross-Site Scripting (XSS). It allows HTML to be embedded in file names, which (under certain conditions) might lead to the execution of malicious JavaScript.

How to fix Cross-site Scripting (XSS)?

There is no fix version for simplehttpserver and this package was removed from npm.

*