High severity7.5NVD Advisory· Published Jun 4, 2018· Updated Jun 17, 2026
CVE-2017-16029
CVE-2017-16029
Description
hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending ../ in the url path for GET requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hostrnpm | < 2.3.6 | 2.3.6 |
Affected products
2- HackerOne/hostr node modulev5Range: <=2.3.5
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-xqqr-p362-6rmcghsaADVISORY
- github.com/henrytseng/hostr/issues/8nvdIssue TrackingThird Party AdvisoryWEB
- nodesecurity.io/advisories/303nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2017-16029ghsaADVISORY
- github.com/henrytseng/hostr/issues/8)ghsaWEB
- www.npmjs.com/advisories/303ghsaWEB
News mentions
0No linked articles in our index yet.