Description
A vulnerability classified as critical was found in SimbCo httpster. This vulnerability affects the function fs.realpathSync of the file src/server.coffee. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The name of the patch is d3055b3e30b40b65d30c5a06d6e053dffa7f35d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216748.
Remediation
References
https://github.com/SimbCo/httpster/pull/36
https://github.com/SimbCo/httpster/commit/d3055b3e30b40b65d30c5a06d6e053dffa7f35d0
https://vuldb.com/?id.216748
Related Vulnerabilities
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack
CVE-2021-29480 Vulnerability in maven package io.ratpack:ratpack-session
CVE-2023-26486 Vulnerability in npm package vega
CVE-2021-3777 Vulnerability in npm package tmpl
CVE-2021-33561 Vulnerability in maven package com.shopizer:shopizer