7 matches found
@anfo/difftool (>=0.0.1 <=0.0.11), @bdefore/nivo-patterned-radial-arc (=0.79.1) +122 more potentially affected by CVE-2023-26152 via static-server (>=2.0.0 <=2.2.1)
static-server NPM version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =0.1.21, =0.0.1, =2.59.1-alpha.1, =1.1.0, =0.1.10, =1.0.0, =2.2.0, =2.50.0 - @httptoolkit/netlify-cli =2.19.1-testable and more Source cves: CVE-2023-26152 Source advisory: OSV:GHSA-V834-RHV4-65M3...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2023-26152
CVE-2023-26152 affects the static-server package. The vulnerability stems from improper input sanitization in the validPath function of server.js, enabling Directory Traversal to access files outside the intended directory. Exploitation details, affected versions, and remediation are not provided...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
@anfo/difftool (>=0.0.1 <=0.0.11), @bdefore/nivo-patterned-radial-arc (=0.79.1) +131 more potentially affected by CVE-2023-26152 via static-server (>=2.0.0 <=3.0.0)
static-server NPM version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =0.1.21, =0.0.1, =2.59.1-alpha.1, =1.1.0, =0.1.10, =1.0.0, =2.2.0, =2.50.0 - @httptoolkit/netlify-cli =2.19.1-testable and more Source cves: CVE-2023-26152 Source advisory: SNYK:JS-STATICSERVER-5722341...