Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-23797. PoCs published by dannyEndorTest.
AI-analyzed exploit summary This repository is a synthetic demo target for Endor Labs EXPOSURE, deliberately vulnerable to CVE-2021-23797 but lacks actual exploit code. It serves as a placeholder for demonstrating vulnerability detection and mitigation workflows.
Description
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
Exploits (1)
nomisec
STUB
by dannyEndorTest · poc
https://github.com/dannyEndorTest/http-server-node
This repository is a synthetic demo target for Endor Labs EXPOSURE, deliberately vulnerable to CVE-2021-23797 but lacks actual exploit code. It serves as a placeholder for demonstrating vulnerability detection and mitigation workflows.
Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
http-server-node 1.0.0
No auth needed
Prerequisites:
Docker environment · Node.js
MITRE ATT&CK
devstral-2 · analyzed May 20, 2026
Full analysis →
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-HTTPSERVERNODE-1727656
Scores
CVSS v3
7.5
EPSS
0.0064
EPSS Percentile
71.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
http-server-node_project/http-server-node
npm/http-server-node
0npm
Published
Dec 17, 2021
Tracked Since
Feb 18, 2026