4 matches found
CVE-2025-11149
This affects all versions of the package node-static and all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation: Mitigation for this issue is...
CVE-2023-26111
All versions of the package @nubosoftware/node-static and all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...
PT-2025-39959
Name of the Vulnerable Software and Affected Versions: node-static (affected versions not specified); @nubosoftware/node-static (affected versions not specified). Description: The software does not properly handle user input containing null bytes. This can allow attackers to access http://host/%00 and...
Denial of Service
Overview: All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Recommendation: No fix is currently available. Consider using an alternativ...