PT-2019-17676 · Unknown · Http File Server
Published
2019-07-15
·
Updated
2023-02-03
·
CVE-2019-5447
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
http-file-server versions <= 0.2.6
Description
A path traversal issue allows attackers to list files in arbitrary folders. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
Recommendations
For versions <= 0.2.6, consider using an alternative package until a fix is made available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Http File Server