Lucene search
+L

43 matches found

veracode
veracode
added 2025/11/17 9:19 a.m.6 views

Improper Input Validation

@nubosoftware/node-static is vulnerable to improper input validation.The vulnerability is due to the package failing to handle null-byte %00 input correctly, which allows an attacker to trigger an exception and crash the server...

7.5CVSS7AI score0.00489EPSS
Exploits0References3Affected Software2
nessus
nessus
added 2025/10/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of the package node-static; all versions of the package @nubosoftware/node- static. The package fails to catch an exception when user...

7.5CVSS5.8AI score0.00489EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.25 views

EUVD-2025-31700

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00489EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/10/02 4:58 p.m.17 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation Mitigation for this issue is...

7.5CVSS6.4AI score0.00489EPSS
Exploits0References6
osv
osv
added 2025/09/30 12:30 p.m.6 views

GHSA-27W5-GJ5Q-82FV @nubosoftware/node-static failure to catch exception can result in server crash

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.5AI score0.00489EPSS
Exploits0References6
github
github
added 2025/09/30 12:30 p.m.19 views

@nubosoftware/node-static failure to catch exception can result in server crash

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.5AI score0.00489EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2025/09/30 11:37 a.m.45 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS0.00489EPSS
Exploits0References3
osv
osv
added 2025/09/30 11:37 a.m.8 views

DEBIAN-CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS5.3AI score0.00489EPSS
Exploits0References1
osv
osv
added 2025/09/30 11:37 a.m.5 views

UBUNTU-CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS5.8AI score0.00489EPSS
Exploits0References5
cve
cve
added 2025/09/30 5:0 a.m.34 views

CVE-2025-11149

CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...

7.5CVSS6.5AI score0.00489EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/09/30 5:0 a.m.2 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.5AI score0.00489EPSS
Exploits0References3
cvelist
cvelist
added 2025/09/30 5:0 a.m.36 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS0.00489EPSS
Exploits0References3
osv
osv
added 2025/09/30 5:0 a.m.9 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.6AI score0.00489EPSS
Exploits0References5
debiancve
debiancve
added 2025/09/30 5:0 a.m.10 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS5.2AI score0.00489EPSS
Exploits0
cnnvd
cnnvd
added 2025/09/30 12:0 a.m.5 views

node-static 安全漏洞

node-static is an rfc 2616-compliant HTTP static file server module with built-in caching by Alexis Sellier, an individual developer. A security vulnerability exists in node-static that stems from an uncaught user input exception containing a null byte, which could cause the server to crash...

7.5CVSS6.3AI score0.00489EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2025/09/30 12:0 a.m.8 views

PT-2025-40035

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.8AI score0.00489EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/05/23 4:39 a.m.8 views

CVE-2023-26111

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS6.8AI score0.01445EPSS
Exploits1References1
veracode
veracode
added 2023/03/09 6:5 p.m.21 views

Directory Traversal

node-static is vulnerable to Directory Traversal. The vulnerability exists due to the servePath function in node-static.js, which allows a remote attacker to access restricted data outside the intended directory due to improper file path sanitization...

7.5CVSS7.2AI score0.01445EPSS
Exploits1References4Affected Software2
vulnersosv
vulnersosv
added 2023/03/06 6:30 a.m.5 views

40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +723 more potentially affected by CVE-2023-26111 via node-static (>=0.5.6 <=0.7.11)

node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2023-26111 Source advisory: OSV:GHSA-5G97-WHC9-8G7J...

7.5CVSS7AI score0.01445EPSS
Exploits1
github
github
added 2023/03/06 6:30 a.m.32 views

node-static and @nubosoftware/node-static vulnerable to Directory Traversal

node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS7.5AI score0.01445EPSS
Exploits1References6Affected Software2
Rows per page
Query Builder