CVE-2022-25895

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...

lite-dev-server 路径遍历漏洞

lite-dev-server is an http file server for development by the individual developer Gavrilov Rusla. A security vulnerability exists in lite-dev-server that stems from a lack of input cleanup and a directory traversal vulnerability...

node-sass-with-bindings (>=4.5.5 <=4.5.6) potentially affected by CVE-2022-25895 via lite-dev-server (=3.2.7)

lite-dev-server NPM version =3.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on lite-dev-server and may be impacted: - node-sass-with-bindings =4.5.5, =4.5.6 Source cves: CVE-2022-25895 Source advisory: SNYK:JS-LITEDEVSERVER-3153718...

Directory Traversal

static-dev-server is vulnerable to directory traversal. The vulnerability is due when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory which allows an attacker to gain access to the restricted file directories and perfo...

static-dev-server directory traversal vulnerability

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

GHSA-7FXM-C848-89Q8 static-dev-server vulnerable to path traversal

A path traversal vulnerability affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix for this issue...

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

CVE-2022-25848

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

Directory traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

CVE-2022-25848 Directory Traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

CVE-2022-25848

CVE-2022-25848 affects all versions of the npm package static-dev-server. The root cause is a directory traversal vulnerability caused by how paths from users to the root directory are joined, causing assets to be resolved relative to the root. This can enable access to arbitrary files on the und...

PT-2022-17565 · Unknown · Static-Dev-Server

Name of the Vulnerable Software and Affected Versions: static-dev-server versions all Description: A path traversal issue affects the package. This occurs because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory...

static-dev-server 路径遍历漏洞

static-dev-server is a simple http server for serving static resource files from a local directory and automatically reloading them when they change. A directory traversal vulnerability exists in all versions of npm static-dev-server, which stems from a lack of validity checking of paths when...

Directory Traversal

Overview static-dev-server is an A simple http server to serve static resource files from a local directory and auto reload when file change. Affected versions of this package are vulnerable to Directory Traversal. This is because when paths from users to the root directory are joined, the assets...

@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)

fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...

MAL-2022-7105 Malicious code in webpback-dev-esrver (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5a8d0d272d86340f504944bad6bcbfca405fd215d44bdb0a9b2e77110713c88a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3825 Malicious code in ing-kit-dev-server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f848b88df8633c5af2c7442a7c90bb78ed5eb5597fb28786966fe4cbc5f83e3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-0343

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user typically a developer manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...

CVE-2022-0343

A local attacker, as a different local user, may be able to send a HTTP request to 127.0.0.1:10000 after the user typically a developer manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...