CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
57.4%
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
Vendor | Product | Version | CPE |
---|---|---|---|
static-dev-server_project | static-dev-server | 1.0.0 | cpe:2.3:a:static-dev-server_project:static-dev-server:1.0.0:*:*:*:*:node.js:*:* |