Static-server Security Vulnerabilities
Static Web Server (SWS) is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src>.txt...
5.8CVSS
6.6AI Score
0.0004EPSS
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of...
7.5CVSS
7.5AI Score
0.001EPSS
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server...
7.5CVSS
7.5AI Score
0.001EPSS
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root...
7.5CVSS
7.5AI Score
0.002EPSS
9.8CVSS
9.3AI Score
0.162EPSS
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the...
7.5CVSS
7.2AI Score
0.009EPSS
static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...
7.5CVSS
7.4AI Score
0.004EPSS
A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Software could allow an unauthenticated, remote attacker to log in to the administrative console of a DCNM server by using an account that has a default, static password. The account could be granted root- or system-level...
9.8CVSS
9.4AI Score
0.004EPSS