Path Traversal in localhost-now
High severity
GitHub Reviewed
Published
Mar 25, 2019
to the GitHub Advisory Database
•
Updated Sep 11, 2023
Description
Published to the GitHub Advisory Database
Mar 25, 2019
Reviewed
Jun 16, 2020
Last updated
Sep 11, 2023
All versions of
localhost-now
are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
References