dy-server2@0.1.1 vulnerabilities

a simple static server.

Direct Vulnerabilities

Known vulnerabilities in the dy-server2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Cross-site Scripting (XSS) (severity: M)

dy-server2 is a lightweight http server that can be used for file transfer and front-end project preview.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). An unknown component of this library is vulnerable to stored XSS attacks. This is demonstrated with the following PoC.

PoC

  1. Install package from npm: npm i -g dy-server2
  2. Create folder or file with name: <img src=x onerror=alert(1)>
  3. Start server: dy-server2 -p 8888
  4. Open website and the code will execute

How to fix Cross-site Scripting (XSS)?

There is no fixed version for dy-server2.
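With no fixed release available, the general mitigation for this class of bug is to encode file names before they are written into HTML. The sketch below is an added example, not dy-server2 code: it assumes the file name reaches the page through a generated directory listing, and `escapeHtml`, `renderListing`, `listingHeaders` and the sample names are hypothetical.

```javascript
// Added example: NOT dy-server2's code. Assumes the sink is a generated
// directory listing that writes file names into HTML.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a
// quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the listing. Each name is used in two contexts and each context
// gets its own encoding: percent-encoding for the URL path segment,
// HTML-escaping for everything placed into markup.
function renderListing(dirUrl, names) {
  const base = dirUrl.endsWith('/') ? dirUrl : dirUrl + '/';
  const rows = names.map((name) => {
    const href = escapeHtml(base + encodeURIComponent(name));
    return `  <li><a href="${href}">${escapeHtml(name)}</a></li>`;
  });
  return [
    '<!doctype html>',
    '<meta charset="utf-8">',
    `<title>Index of ${escapeHtml(base)}</title>`,
    '<ul>',
    ...rows,
    '</ul>',
  ].join('\n');
}

// Defence in depth: a listing page needs no script at all, so a strict
// CSP stops inline handlers even if an escaping bug slips through.
function listingHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample input; the first entry is the file name from the PoC.
const SAMPLE_NAMES = ['<img src=x onerror=alert(1)>', 'report "final".txt', 'a&b.html'];
console.log(renderListing('/files', SAMPLE_NAMES));
```

The PoC file name is rendered as inert text (`&lt;img src=x onerror=alert(1)&gt;`) and its link still resolves to the file, because the path segment is percent-encoded separately.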
