crud-file-server@0.0.6 vulnerabilities

file server supporting basic create, read, update, & delete for any kind of file

Direct Vulnerabilities

Known vulnerabilities in the crud-file-server package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

crud-file-server is a file server supporting basic create, read, update, & delete for any kind of file.

Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following url /../../etc/passwd would result in /etc/passwd leak.

How to fix Directory Traversal?

Upgrade crud-file-server to version 0.9.0 or higher.

<0.9.0
  • H
Directory Traversal

crud-file-server is a file server supporting basic create, read, update, & delete for any kind of file.

Affected versions of the package are vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server. For example, requesting the following url /../../etc/passwd would result in /etc/passwd leak.

How to fix Directory Traversal?

Upgrade crud-file-server to version 0.9.0 or higher.

<0.9.0
  • C
Cross-site Scripting (XSS)

crud-file-server exposes a directory to create, read, update, and delete operations over http.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows to embed HTML in file names, which might lead to execute malicious JavaScript.

How to fix Cross-site Scripting (XSS)?

Upgrade crud-file-server to version 0.9.0 or higher.

<0.9.0
  • C
Cross-site Scripting (XSS)

crud-file-server exposes a directory to create, read, update, and delete operations over http.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It allows to embed HTML in file names, which might lead to execute malicious JavaScript.

How to fix Cross-site Scripting (XSS)?

Upgrade crud-file-server to version 0.9.0 or higher.

<0.9.0