MidnightBSD

Advisories for http-file-server_project

CVE-2019-5447 MEDIUM

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
http-file-server_project http-file-server *
CVE-2019-5458 LOW

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
http-file-server_project http-file-server 0.2.4
http-file-server_project http-file-server 0.2.5
http-file-server_project http-file-server 0.2.2
http-file-server_project http-file-server 0.2.0
http-file-server_project http-file-server 0.2.6
http-file-server_project http-file-server 0.1.0
http-file-server_project http-file-server 0.2.3
http-file-server_project http-file-server 0.2.1