Description
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://nodesecurity.io/advisories/342
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-http
Related Vulnerabilities
CVE-2019-10756 Vulnerability in npm package node-red-dashboard
CVE-2022-24785 Vulnerability in maven package org.fujion.webjars:moment
CVE-2021-39152 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2021-3312 Vulnerability in maven package org.opencms:opencms-core
CVE-2018-1002204 Vulnerability in maven package org.webjars.npm:adm-zip