Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.10 views

CVE-2023-26111

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS6.8AI score0.01445EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2023/03/06 6:30 a.m.5 views

40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +723 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.11)

node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2023-26111 Source advisory: OSV:GHSA-5G97-WHC9-8G7J...

7.5CVSS7AI score0.01445EPSS
Exploits1
CVE
CVE
added 2023/03/06 5:0 a.m.65 views

CVE-2023-26111

CVE-2023-26111 affects node-static and its fork @nubosoftware/node-static, with a Directory Traversal flaw caused by improper file path sanitization in the servePath function’s startsWith() method. All versions of both packages are reported vulnerable. Impact: potential access to files outside th...

7.5CVSS7.5AI score0.01445EPSS
Exploits1References4Affected Software2
vulnersOsv
vulnersOsv
added 2022/11/28 12:55 p.m.4 views

277snippet-cli (>=1.0.0 <=1.0.2), 40au-isteven-angular-multiselect (=4.0.0) +739 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.9)

node-static NPM version =0.5.6, =1.0.0, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 and more Source cves: CVE-2023-26111 Source advisory: SNYK:JS-NODESTATIC-3149928...

7.5CVSS7AI score0.01445EPSS
Exploits1
Rows per page
Query Builder