Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2016-10561

UNKNOWN
Published 2018-05-31T20:00:00Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2016-10561. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vulnerability that is exploitable via the URL path in GET requests.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

bitty node module

Affected Versions:

All versions

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Directory Traversal in bitty

GHSA-f5mh-hq6h-whxv

Advisory Details

Affected versions of `bitty` are vulnerable to directory traversal via the URL path in GET requests. ## Recommendation The `bitty` package is not currently maintained, and has not seen an update since 2015. At this time, the best available mitigation is to use an alternative module that is actively maintained and provides similar functionality, such as [serve](https://www.npmjs.com/package/serve).

Affected Packages

npm bitty
ECOSYSTEM: ≥0 ≤0.2.10

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-10561
ADVISORY https://github.com/advisories/GHSA-f5mh-hq6h-whxv
WEB https://www.npmjs.com/advisories/150

Advisory provided by GitHub Security Advisory Database. Published: February 18, 2019, Modified: January 8, 2021

References

https://nodesecurity.io/advisories/150
Published: 2018-05-31T20:00:00Z
Last Modified: 2024-09-17T04:24:57.968Z
Copied to clipboard!