3 matches found
CVE-2022-25931 Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25931 Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25931
CVE-2022-25931 affects all versions of the npm package easy-static-server. The root cause is missing input sanitization and the use of sandboxes around req.url in the easyServer function (index.js), enabling a Directory Traversal attack to access files/directories outside the intended folder. Doc...