Description
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Remediation
References
https://hackerone.com/reports/309648
Related Vulnerabilities
CVE-2018-16330 Vulnerability in maven package org.webjars.bowergithub.pandao:editor.md
CVE-2020-7733 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js
CVE-2021-46363 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2021-21119 Vulnerability in npm package electron
CVE-2023-40343 Vulnerability in maven package io.jenkins.plugins:tuleap-oauth