Loading HuntDB...

GHSA-5w8q-x7hc-jhp6

GitHub Security Advisory

Directory Traversal in node-simple-router

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Affected versions of `node-simple-router` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.

**Example request:**
```http
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo
```

## Recommendation

Update to v0.10.1 or later.

Affected Packages

npm node-simple-router
Affected versions: 0 (fixed in 0.10.1)

Related CVEs

Key Information

GHSA ID
GHSA-5w8q-x7hc-jhp6
Published
July 24, 2018 7:42 PM
Last Modified
September 11, 2023 11:13 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
node-simple-router
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.