Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-16493

UNKNOWN
Published 2019-02-01T18:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-16493. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

static-resource-server

Affected Versions:

1.7.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Path Traversal in simplehttpserver

GHSA-45j8-pm75-5v8x

Advisory Details

Versions of `simplehttpserver` prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. ## Recommendation Upgrade to version 0.2.1 or later.

Affected Packages

npm static-resource-server
ECOSYSTEM: ≥0 ≤1.7.2

CVSS Scoring

CVSS Score

7.5

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16493
WEB https://hackerone.com/reports/357109
WEB https://hackerone.com/reports/432600
ADVISORY https://github.com/advisories/GHSA-45j8-pm75-5v8x
WEB https://www.npmjs.com/advisories/967
WEB https://www.npmjs.com/advisories/968

Advisory provided by GitHub Security Advisory Database. Published: February 7, 2019, Modified: August 31, 2020

References

https://hackerone.com/reports/432600
Published: 2019-02-01T18:00:00
Last Modified: 2024-08-05T10:24:32.903Z
Copied to clipboard!