
8 matches found

OSV
added 2026/04/02 5:16 p.m., 4 views

UBUNTU-CVE-2026-34785

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...

CVSS 7.5, AI score 5.7, EPSS 0.00387
Exploits: 0, References: 4

EUVD
added 2025/11/13 3:23 a.m., 1 view

EUVD-2025-175780

Malicious code in upsilon-sandbox-static-module-validate npm...

AI score 6.6
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-0759

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.00765
Exploits: 1, References: 5

Snyk
added 2022/11/28 12:55 p.m., 3 views

Directory Traversal

Overview: @nubosoftware/node-static is a simple, compliant file streaming module for node. Affected versions of this package are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function. PoC js curl --path-as-is...

CVSS 7.5, AI score 7.6, EPSS 0.01445
Exploits: 1, References: 2

Prion
added 2021/10/14 3:15 p.m., 14 views

Design/Logic Flaw

A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set redirect: tru...

CVSS 5.8, AI score 6.3, EPSS 0.01132
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2018/11/06 7:29 p.m., 3 views

CVE-2018-16474

A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript...

CVSS 6.1, AI score 6, EPSS 0.00765
Exploits: 1, References: 1

CVE
added 2018/11/06 7:0 p.m., 57 views

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

CVSS 6.1, AI score 6.3, EPSS 0.00765
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/05/29 8:29 p.m., 15 views

CVE-2018-3734

stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path...

CVSS 7.5, AI score 7.4, EPSS 0.01918
Exploits: 1, References: 1