43 matches found
Improper Input Validation
@nubosoftware/node-static is vulnerable to improper input validation.The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...
Linux Distros Unpatched Vulnerability : CVE-2025-11149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of the package node-static; all versions of the package @nubosoftware/node- static. The package fails to catch an exception when user...
EUVD-2025-31700
Malicious code in bioql PyPI...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation Mitigation for this issue is...
GHSA-27W5-GJ5Q-82FV @nubosoftware/node-static failure to catch exception can result in server crash
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
@nubosoftware/node-static failure to catch exception can result in server crash
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
DEBIAN-CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
UBUNTU-CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
CVE-2025-11149
CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...
PT-2025-40035
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...
node-static 安全漏洞
node-static is an rfc 2616-compliant HTTP static file server module with built-in caching by Alexis Sellier, an individual developer. A security vulnerability exists in node-static that stems from an uncaught user input exception containing a null byte, which could cause the server to crash...
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
Directory Traversal
node-static is vulnerable to Directory Traversal. The vulnerability exists due to the servePath function in node-static.js, which allows a remote attacker to access restricted data outside the intended directory due to improper file path sanitization...
GHSA-5G97-WHC9-8G7J node-static and @nubosoftware/node-static vulnerable to Directory Traversal
node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...