GHSA-5w8q-x7hc-jhp6
GitHub Security Advisory
Directory Traversal in node-simple-router
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
Affected versions of `node-simple-router` resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system.
**Example request:**
```http
GET /../../../../../../../../../../etc/passwd HTTP/1.1
host:foo
```
## Recommendation
Update to v0.10.1 or later.
Affected Packages
npm
node-simple-router
Affected versions:
0
(fixed in 0.10.1)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 4, 2025 6:27 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.