11 matches found
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation: Mitigation for this issue is...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to server-static package (CVE-2024-43800)
Summary: Potential vulnerabilities in server-static package CVE-2024-43800 have been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-43800. DESCRIPTION: serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to...
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
PT-2025-39959
Name of the Vulnerable Software and Affected Versions: node-static (affected versions not specified); @nubosoftware/node-static (affected versions not specified). Description: The software does not properly handle user input containing null bytes. This can allow attackers to access http://host/%00 and...
Denial of Service
Overview: All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Recommendation: No fix is currently available. Consider using an alternativ...
The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the qt3-static package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the qt-static-2.3.1 package on the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system, which allow a remote attacker to compromise the confidentiality and integrity of protected information
The multiple vulnerabilities of the e2fsck-static package in the Debian GNU/Linux operating system may lead to breaches of the confidentiality and integrity of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the CentOS operating system, which allows a malicious attacker to compromise the accessibility of protected information
The vulnerability of the libxml2-static-2.9.1 package on the CentOS operating system can lead to a violation of the accessibility of protected information. Exploiting this vulnerability can be carried out remotely...
The vulnerability of the CentOS operating system allows a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the libpng-static-1.2.48 package on the CentOS operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the Red Hat Enterprise Linux operating system, which allows a remote attacker to compromise the accessibility of protected information
The vulnerability of the libxml2-static-2.9.1 package on the Red Hat Enterprise Linux operating system can lead to a violation of the accessibility of protected information. This vulnerability can be exploited remotely...