Description
iter-http is a server for static files. iter-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/iter-http
https://nodesecurity.io/advisories/343
Related Vulnerabilities
CVE-2020-10991 Vulnerability in maven package org.mule.modules:mule-module-apikit
CVE-2022-31160 Vulnerability in maven package org.webjars:jquery-ui
CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify
CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2019-10759 Vulnerability in maven package org.webjars.npm:safer-eval