static-dev-server is a simple HTTP server for serving static resource files from local directories and automatically reloading them when they change. All versions of the npm package static-dev-server suffer from a directory traversal vulnerability that stems from a lack of path validation when handling directory requests. Attackers can exploit it to retrieve arbitrary files from the underlying file system via specially crafted web requests.