Skip to main content

Http File Server

6 CVEs product

Monthly

CVE-2024-39943 npm HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js Http File Server
NVD GitHub
CVSS 3.1
8.8
EPSS
48.5%
CVE-2024-23692 CRITICAL POC KEV THREAT Emergency

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Http File Server
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.5%
CVE-2020-13432 HIGH POC PATCH THREAT This Week

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Http File Server
NVD GitHub
CVSS 3.1
7.5
EPSS
30.9%
CVE-2019-5458 npm MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http File Server
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-5447 npm MEDIUM POC This Month

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Http File Server
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2014-7226 HIGH POC This Week

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Http File Server
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
8.1%
EPSS 48% CVSS 8.8
HIGH PATCH This Week

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Apple Command Injection Node.js +1
NVD GitHub
EPSS 99% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ssti Http File Server
NVD GitHub Exploit-DB
EPSS 31% CVSS 7.5
HIGH POC PATCH THREAT This Week

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Http File Server
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Http File Server
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Path Traversal Http File Server
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Http File Server
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy