{"id":"GHSA-vmhw-fhj6-m3g5","summary":"Path Traversal in angular-http-server","details":"Versions of `angular-http-server` before 1.4.4 are vulnerable to path traversal.\n\n\n## Recommendation\n\nUpdate to version 1.4.4 or later.","modified":"2026-02-11T22:32:28.495555Z","published":"2019-05-31T23:46:33Z","database_specific":{"severity":"HIGH","github_reviewed":true,"cwe_ids":["CWE-22"],"github_reviewed_at":"2019-05-31T23:44:08Z","nvd_published_at":null},"references":[{"type":"WEB","url":"https://github.com/simonh1000/angular-http-server/commit/8bafc9577161469f5dea01e0b98ea9c525d063e9"},{"type":"WEB","url":"https://hackerone.com/reports/330349"},{"type":"PACKAGE","url":"https://github.com/simonh1000/angular-http-server"},{"type":"WEB","url":"https://www.npmjs.com/advisories/656"}],"affected":[{"package":{"name":"angular-http-server","ecosystem":"npm","purl":"pkg:npm/angular-http-server"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.4.4"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/05/GHSA-vmhw-fhj6-m3g5/GHSA-vmhw-fhj6-m3g5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}