8 matches found
UBUNTU-CVE-2026-34785
Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Static determines whether a request should be served as a static file using a simple string prefix check. When configured with URL prefixes such as "/css", it matches any request path that begins with...
EUVD-2025-175780
Malicious code in upsilon-sandbox-static-module-validate npm...
EUVD-2018-0759
Malware in sbrugna...
Directory Traversal
Overview: @nubosoftware/node-static is a simple, compliant file streaming module for node. Affected versions of this package are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function. PoC js curl --path-as-is...
Design/Logic Flaw
A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set redirect: tru...
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript...
CVE-2018-16474
CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...
CVE-2018-3734
stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path...