Description
tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Remediation
References
https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-http
https://nodesecurity.io/advisories/342
Related Vulnerabilities
CVE-2018-11011 Vulnerability in maven package cc.ryanc:halo
CVE-2022-31127 Vulnerability in npm package next-auth
CVE-2020-26256 Vulnerability in npm package @fast-csv/parse
CVE-2018-3744 Vulnerability in npm package html-pages
CVE-2023-44487 Vulnerability in maven package io.helidon.http:helidon-http-http2