Lucene search
K

5 matches found

Cvelist
Cvelist
added 2022/12/21 11:14 p.m.36 views

CVE-2022-25895 Directory Traversal

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS7.7AI score0.01343EPSS
Exploits1References3
CVE
CVE
added 2022/12/21 11:14 p.m.74 views

CVE-2022-25895

CVE-2022-25895 affects lite-dev-server. All versions are vulnerable to Directory Traversal due to missing input sanitization and sandboxing of the req.url input passed to the server code. The root cause is that the server reads and uses user-supplied URLs without proper normalization, enabling ac...

7.5CVSS7.5AI score0.01343EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/12/21 5:15 a.m.3 views

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS5.8AI score0.01343EPSS
Exploits1References3
NVD
NVD
added 2022/12/21 5:15 a.m.28 views

CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

7.5CVSS0.01343EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/12/05 1:57 p.m.4 views

node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)

lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: SNYK:JS-LITEDEVSERVER-3153718...

7.5CVSS7.1AI score0.01343EPSS
Exploits1
Rows per page
Query Builder