PT-2019-17686 · Unknown · Min-Http-Server

Lightangel1412 · Published 2019-07-30 · Updated 2022-12-03 · CVE-2019-5457

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: min-http-server (all versions)

Description: A cross-site scripting (XSS) issue allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. The package fails to sanitize filenames, so the issue is triggered through files whose names contain malicious code.

Recommendations: For all versions, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting access to files with potentially malicious names to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2019-5457
GHSA-J657-59RV-QWM6

Affected products

Min-Http-Server