CVE-2018-16493

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the…

hackerone·CWE-548·Published 2019-02-01

CVSS

—

EPSS

0.02

KEV

Exploits

cve.orgen

175 chars

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

NVDen

175 chars

A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.

OSV.deven

236 chars

Versions of `simplehttpserver` prior to 0.2.1 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. ## Recommendation Upgrade to version 0.2.1 or later.

GHSAen

236 chars

NVDes

225 chars

Se ha detectado una vulnerabilidad de salto de directorio en el módulo static-resource-server, en su versión 1.7.2, que permite el acceso de lectura no autorizado a cualquier archivo en el servidor, anexando barras en la URL.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N