Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/10/02 4:58 p.m.17 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation Mitigation for this issue is...

7.5CVSS6.4AI score0.00489EPSS
Exploits0References6
osv
osv
added 2023/03/06 5:15 a.m.14 views

CVE-2023-26111

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS5.8AI score0.01445EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2021/09/22 12:0 a.m.4 views

PT-2025-39959

Name of the Vulnerable Software and Affected Versions node-static affected versions not specified @nubosoftware/node-static affected versions not specified Description The software does not properly handle user input containing null bytes. This can allow attackers to access http://host/%00 and...

7.5CVSS6.4AI score0.00489EPSS
Exploits0References17
nodejs
nodejs
added 2019/10/11 6:6 p.m.33 views

Denial of Service

Overview All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Recommendation No fix is currently available. Consider using an alternativ...

6.8AI score
Exploits0Affected Software1
Rows per page
Query Builder