Versions of `simplehttpserver` prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths.

## Recommendation

Upgrade to version 0.2.1 or later.

Affected Packages

npm static-resource-server

Affected versions: 0 (last affected: 1.7.2)

Related CVEs

CVE-2018-16493

Key Information

GHSA ID

GHSA-45j8-pm75-5v8x

Published

February 7, 2019 6:18 PM

Last Modified

August 31, 2020 6:42 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

static-resource-server

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 2, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.