54 matches found
MAL-2026-3491 Malicious code in @tanstack/start-static-server-functions (npm)
Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @tanstack/start-static-server-functions (npm)
Source: ghsa-malware bb21ff47aa0e512d1f67b02a37d160b475e32fcaa76bea381298a976c3bdd673 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Astra Linux - vulnerability in haproxy
Before version 2.8.2, HAProxy allowed # to be part of the URI component. This could allow remote attackers to obtain sensitive information or cause unspecified other issues due to misinterpretation of the path_end rule, such as routing index.html#.png to a static server...
EUVD-2023-2815
Malicious code in bioql PyPI...
EUVD-2022-7760
Malicious code in bioql PyPI...
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
Malicious code in console-webapp-static-server (npm)
Source: ghsa-malware 881f4b0e9d871a25620edd0bdf015644703eb56726d7b1785e5e0eb18ca32e36 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
Path Traversal
@hono/node-server is vulnerable to Path Traversal. The vulnerability is due to improper url string validation in src/request.ts, allowing an attacker to use .. in the request URL to access arbitrary files on the static server...
UBUNTU-CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
Information Disclosure
haproxy is vulnerable to Information Disclosure. The vulnerability exists in the URI component, potentially allowing an attacker to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule. This could include scenarios like routing index.html#.png to a...
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
CVE-2023-45539
HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server...
Path Traversal
static-server is vulnerable to Path Traversal. The vulnerability exists because the library does not properly validate file paths in server.js, allowing an attacker to access files outside the expected directory and read arbitrary files through the relative path such as \..\filename...
@anfo/difftool (>=0.0.1 <=0.0.11), @bdefore/nivo-patterned-radial-arc (=0.79.1) +125 more potentially affected by CVE-2023-26152 via static-server (>=2.0.0 <=2.2.1)
static-server NPM version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =0.1.21, =0.5.0, =0.0.1, =2.59.1-alpha.1, =1.1.0, =3.0.3, =0.1.10, =1.0.0, =1.0.2 and more Source cves: CVE-2023-26152 Source advisory: OSV:GHSA-V834-RHV4-65M3...
static-server Path Traversal vulnerability
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...