Lucene search
HistoryMay 10, 2023 - 5:15 a.m.
CVE-2023-26126
vulnerability
m.static
directory traversal
input sanitization
requestfile function
cve-2023-26126
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
38.1%
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
Affected configurations
Node
m.static_projectm.staticRange≤2.2.0node.js
Related
veracode
veracode
Path Traversal
2023-05-15 04:52:47
cvelist
cvelist
CVE-2023-26126
2023-05-10 05:00:01
cve
cve
CVE-2023-26126
2023-05-10 05:15:08
osv
osv
m.static Directory Traversal vulnerability
2023-05-10 06:30:27
prion
prion
Directory traversal
2023-05-10 05:15:00
github
github
m.static Directory Traversal vulnerability
2023-05-10 06:30:27
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.001 Low
EPSS
Percentile
38.1%
Related for NVD:CVE-2023-26126