Advisories for Npm/@Vivaxy/Here package

2020

Directory Traversal in @vivaxy/here

The @vivaxy/here module is a small web server that serves files with the process' working directory acting as the web root. It is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files. Mitigating Factors: If the node process is run as a user with very limited …