VYPR
High severity · NVD Advisory · Published Aug 31, 2018 · Updated Sep 16, 2024

CVE-2018-3787

Description

Directory traversal in simplehttpserver before 0.2.1 allows remote attackers to list arbitrary files from the server file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A path traversal vulnerability exists in the npm package simplehttpserver before version 0.2.1. The package does not sanitize the path of the requested resource before resolving it against the served directory, so directory traversal sequences such as ../ in the request path escape the intended web root and the server generates a listing for a directory outside it. All versions prior to 0.2.1 are affected [1][2].

Exploitation

An attacker exploits this by sending an HTTP GET request whose path contains directory traversal sequences (e.g., GET /../../../etc/ HTTP/1.1 to obtain a listing of /etc). No authentication or special privileges are required; the attacker only needs network access to the port the server listens on. The server resolves the path without rejecting or normalizing the traversal segments, so the resolved location falls outside the document root [1][2]. A practical note for reproduction: browsers and most HTTP clients collapse ../ segments before the request leaves the client, so testing requires a client that sends the path as-is (for curl, the --path-as-is option) or the percent-encoded form %2e%2e/, which clients do not collapse.

Impact

Successful exploitation lets the attacker list the contents of any directory on the file system that the server process can read. The resulting listings reveal the layout of the host and the location of configuration files, source code, and system files, which can aid further attacks. The vulnerability affects confidentiality only; the extent of the exposure depends on the permissions of the user the server runs as [1][2].

Mitigation

The vulnerability is fixed in version 0.2.1 of simplehttpserver. Users should upgrade to this version or later immediately. No workaround within the package is known for earlier versions; until an upgrade is possible, the usual exposure controls apply: bind the server to localhost or a trusted network, run it as a low-privilege user from a directory that contains only the content meant to be served, and, if it must sit behind a reverse proxy, have the proxy reject request paths containing dot segments. The advisory is rated high severity in the GitHub Advisory Database [2].

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: simplehttpserver (npm)
Affected versions: < 0.2.1
Patched versions: 0.2.1
