npm package
http-file-server
pkg:npm/http-file-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5458 | — | <= 0.2.6 | — | Jul 30, 2019 | Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. | ||
| CVE-2019-5447 | — | >= 0 | — | Jul 15, 2019 | A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. |
- CVE-2019-5458Jul 30, 2019affected <= 0.2.6
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
- CVE-2019-5447Jul 15, 2019affected >= 0
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders.