All versions of statics-server
are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks.
No fix is currently available. Do not use statics-server
in production or consider using an alternative module until a fix is made available.