4 matches found
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +723 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.11)
node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2023-26111 Source advisory: OSV:GHSA-5G97-WHC9-8G7J...
CVE-2023-26111
CVE-2023-26111 affects node-static and its fork @nubosoftware/node-static, with a Directory Traversal flaw caused by improper file path sanitization in the servePath function’s startsWith() method. All versions of both packages are reported vulnerable. Impact: potential access to files outside th...
277snippet-cli (>=1.0.0 <=1.0.2), 40au-isteven-angular-multiselect (=4.0.0) +739 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.9)
node-static NPM version =0.5.6, =1.0.0, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 and more Source cves: CVE-2023-26111 Source advisory: SNYK:JS-NODESTATIC-3149928...