EPSS
Percentile
79.5%
tiny-http is vulnerable to directory traversal attacks. This is possible by requesting a url such as /..%2f..%2fetc/passwd to get sensitive information.
/..%2f..%2fetc/passwd
github.com/JacksonGL
github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny-http
github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tiny-http
nodesecurity.io/advisories/342