http-server stable version #835

Open
Prudhvicharan opened this issue Oct 3, 2022 · 4 comments
@Prudhvicharan

Prudhvicharan commented Oct 3, 2022

Hi,
We are using 0.12.3 version of http-server.
As a dependent package, 1.5.1 version of opener package has been installed.

This version of opener has 4 High vulnerabilities (CVE-2021-27478, CVE-2021-27482, CVE-2021-27498, CVE-2021-27500), with a score of 7.5 for each of the respective IDs.
Is there a way to fix those vulnerabilities? If so, could you please let us know how?

Environment Versions

  1. http-server version: 0.12.3
@chris--jones
Contributor

I think this project needs a package overhaul: some of the dependencies are no longer actively maintained (union is a big one; I had to replicate some of the code previously for another fix).

I'll do an assessment and see if there are suitable alternatives to revive this.

@chris--jones
Contributor

I had a closer look and your vulnerabilities are for a completely different package: https://github.com/EIPStackGroup/OpENer rather than https://github.com/domenic/opener

There are 3 moderate security issues, but these are tied to other packages (tap & request):

┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ Denial of Service in mem                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ mem                                               │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ <4.0.0                                            │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=4.0.0                                           │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-4xcv-9jjx-gfj3 │
└─────────────────────┴───────────────────────────────────────────────────┘
┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ yargs-parser Vulnerable to Prototype Pollution    │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ yargs-parser                                      │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ >=6.0.0 <13.1.2                                   │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=13.1.2                                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-p9pc-299p-vxgp │
└─────────────────────┴───────────────────────────────────────────────────┘
┌─────────────────────┬───────────────────────────────────────────────────┐
│ moderate            │ Prototype Pollution in Ajv                        │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ ajv                                               │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ <6.12.3                                           │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ >=6.12.3                                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-v88g-cgmw-v5xw │
└─────────────────────┴───────────────────────────────────────────────────┘


@github-actions

github-actions bot commented Jun 1, 2023

This issue has been inactive for 180 days

@github-actions github-actions bot added the stale label Jun 1, 2023