glance@3.0.8 vulnerabilities

disposable fileserver

Direct Vulnerabilities

Known vulnerabilities in the glance package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Directory Traversal

glance is a quick disposable http server for static files.

Affected versions of this package are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in CVE-2018-3715.

How to fix Directory Traversal?

Upgrade glance to version 3.0.9 or higher.

Vulnerable versions: <3.0.9
  • L
Cross-site Scripting (XSS)

glance is a quick disposable http server for static files.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. A file name containing malicious HTML (e.g. an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element) allows JavaScript code to be executed against any user who opens a directory listing that contains the crafted file name.

How to fix Cross-site Scripting (XSS)?

There is no fix version for glance.

Vulnerable versions: * (all versions)
  • L
Cross-site Scripting (XSS)

glance is a quick disposable http server for static files.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) attacks. A file name containing malicious HTML (e.g. an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element) allows JavaScript code to be executed against any user who opens a directory listing that contains the crafted file name.

How to fix Cross-site Scripting (XSS)?

There is no fix version for glance.

Vulnerable versions: * (all versions)
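
Both XSS entries describe file names reaching the directory-listing HTML as markup. The following is an added example, not glance's code and not part of the advisory: a listing renderer that encodes each name for the link text and for the href. The function names `escapeHtml`, `hrefFor` and `renderListing` and the sample file names are constructed for illustration.

```javascript
// Added example (hypothetical helper names, not glance's implementation).
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can break out of HTML text or a
// quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a link target that is always a relative path:
//  - the "./" prefix means the name can never be parsed as a URL scheme,
//  - encodeURIComponent percent-encodes ":", "<", ">", '"' and spaces,
//  - escapeHtml covers "'" which encodeURIComponent leaves untouched.
function hrefFor(name) {
  return escapeHtml('./' + encodeURIComponent(name));
}

// Render a directory listing from untrusted file names.
function renderListing(names) {
  const items = names.map(
    (name) => `<li><a href="${hrefFor(name)}">${escapeHtml(name)}</a></li>`
  );
  return `<ul>\n${items.join('\n')}\n</ul>`;
}

// Constructed sample names covering the two cases the advisory mentions.
const sampleNames = [
  'report.txt',
  '<iframe src=x.html>.txt',
  'javascript:alert(1)',
  `a"onmouseover='x'.html`,
];

console.log(renderListing(sampleNames));
```

Serving the listing with a restrictive Content-Security-Policy header in addition to output encoding limits the impact if an encoding step is ever missed.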