Path Traversal Vulnerability in http-live-simulator by npm
CVE-2019-5423

7.5HIGH

Key Information:

Vendor: Npm, Inc.
Status: Http-live-simulator
Vendor: CVE Published:; 3 April 2019

What is CVE-2019-5423?

The http-live-simulator npm package version 1.0.5 is vulnerable to a path traversal issue that allows remote attackers to access arbitrary paths on the server’s file system. This weakness can lead to exposure of sensitive files and unauthorized file access, potentially compromising server integrity and user data.

Affected Version(s)

http-live-simulator 1.0.5

References

https://hackerone.com/reports/384939

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2019
Vulnerability Reserved
Jan 4, 2019

CVE-2019-5423 Data

JSON

Npm, Inc.

What is CVE-2019-5423?

Affected Version(s)

References

CVSS V3.1

Timeline