
290 matches found

Veracode
added 2022/12/01 2:42 p.m. · 9 views

Directory Traversal

static-dev-server is vulnerable to directory traversal. The vulnerability arises when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory which allows an attacker to gain access to the restricted file directories and perfo...

7.5 CVSS · 7.4 AI score · 0.00959 EPSS
Exploits 1 · References 2 · Affected Software 1
CNVD
added 2022/12/01 12:0 a.m. · 14 views

static-dev-server directory traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

7.5 CVSS · 7.4 AI score · 0.00959 EPSS
Exploits 1 · References 1
OSV
added 2022/11/29 6:30 p.m. · 13 views

GHSA-7FXM-C848-89Q8 static-dev-server vulnerable to path traversal

A path traversal vulnerability affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix for this issue...

7.5 CVSS · 7.5 AI score · 0.00959 EPSS
Exploits 1 · References 4
OSV
added 2022/11/29 5:15 p.m. · 2 views

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS · 5.8 AI score · 0.00959 EPSS
Exploits 1 · References 2
NVD
added 2022/11/29 5:15 p.m. · 10 views

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS · 0.00959 EPSS
Exploits 1 · References 2
Prion
added 2022/11/29 5:15 p.m. · 9 views

Directory traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

5 CVSS · 7.5 AI score · 0.00959 EPSS
Exploits 1 · References 2 · Affected Software 1
CVE
added 2022/11/29 4:50 p.m. · 51 views

CVE-2022-25848

CVE-2022-25848 affects all versions of the npm package static-dev-server. The root cause is a directory traversal vulnerability caused by how paths from users to the root directory are joined, causing assets to be resolved relative to the root. This can enable access to arbitrary files on the und...

7.5 CVSS · 7.5 AI score · 0.00959 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/29 4:50 p.m. · 5 views

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS · 6.8 AI score · 0.00959 EPSS
Exploits 1 · References 2
Cvelist
added 2022/11/29 4:50 p.m. · 14 views

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS · 7.7 AI score · 0.00959 EPSS
Exploits 1 · References 2
CNNVD
added 2022/11/29 12:0 a.m. · 1 views

static-dev-server path traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

7.5 CVSS · 6.7 AI score · 0.00959 EPSS
Exploits 1 · References 3
Positive Technologies
added 2022/11/29 12:0 a.m. · 3 views

PT-2022-17565 · Unknown · Static-Dev-Server

Name of the Vulnerable Software and Affected Versions: static-dev-server (all versions). Description: A path traversal issue affects the package. This occurs because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

7.5 CVSS · 6.9 AI score · 0.00959 EPSS
Exploits 1 · References 8
Snyk
added 2022/11/28 10:31 a.m. · 2 views

Directory Traversal

Overview: static-dev-server is a simple http server to serve static resource files from a local directory and auto reload when files change. Affected versions of this package are vulnerable to Directory Traversal. This is because when paths from users to the root directory are joined, the assets...

7.5 CVSS · 7.4 AI score · 0.00959 EPSS
Exploits 1 · References 2
vulnersOsv
added 2022/11/07 9:13 p.m. · 0 views

@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)

fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...

7.5 CVSS · 7.1 AI score · 0.00731 EPSS
Exploits 0
OSV
added 2022/08/19 3:55 a.m. · 5 views

MAL-2022-7105 Malicious code in webpback-dev-esrver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a8d0d272d86340f504944bad6bcbfca405fd215d44bdb0a9b2e77110713c88a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2022/06/20 8:18 p.m. · 7 views

MAL-2022-3825 Malicious code in ing-kit-dev-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f848b88df8633c5af2c7442a7c90bb78ed5eb5597fb28786966fe4cbc5f83e3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 · References 1
OSV
added 2022/03/29 4:15 p.m. · 16 views

CVE-2022-0343

A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...

7.8 CVSS · 6.6 AI score
Exploits 0 · References 1
NVD
added 2022/03/29 4:15 p.m. · 12 views

CVE-2022-0343

A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...

7.8 CVSS · 0.00088 EPSS
Exploits 0 · References 1
Prion
added 2022/03/29 4:15 p.m. · 13 views

Design/Logic Flaw

A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...

4.6 CVSS · 7.4 AI score · 0.00088 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/03/29 3:10 p.m. · 77 views

CVE-2022-0343

CVE-2022-0343 affects Perfetto Dev scripts. A local attacker who can run the dev server (./tools/run-dev-server) may trigger HTTP requests to 127.0.0.1:10000, enabling a local privilege/escalation scenario. The issue is tied to the dev-server workflow rather than a remote vector. Remediation: upg...

7.8 CVSS · 5.4 AI score · 0.00088 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2022/03/29 12:0 a.m. · 4 views

Google perfetto security vulnerability

Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge (ADB). Google perfetto suffers from a security vulnerability that originates when a user, usually a developer, manually invokes the ./tools/run-dev-server script can send...

7.8 CVSS · 7.3 AI score · 0.00088 EPSS
Exploits 0 · References 2