CVE-2014-8883 – nhouston

Package

Manager: npm
Name: nhouston
Vulnerable Version: >=0 <=2.0.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Directory Traversal in nhouston All versions of the static file server module nhouston are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory. ## Recommendation It is recommended that a different module be used, as we have been unable to reacher the maintainer of this module. We will continue to reach out to them, and if an update becomes available that fixes the issue, we will update this advisory accordingly.

Metadata

Created: 2020-08-31T22:53:54Z
Modified: 2021-09-23T20:57:48Z
Source: MANUAL
CWE IDs: ["CWE-23"]
Alternative ID: GHSA-44g9-w23c-5rw7
Finding: F063
Auto approve: 1