54 matches found
static-server Path Traversal vulnerability
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
CVE-2023-26152
CVE-2023-26152 affects the static-server package. The vulnerability stems from improper input sanitization in the validPath function of server.js, enabling Directory Traversal to access files outside the intended directory. Exploitation details, affected versions, and remediation are not provided...
CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js...
static-server path traversal vulnerability
statics-server is a server used to collect information about the environment in which Joomla is installed. A path traversal vulnerability exists in statics-server, which stems from improperly cleaned input passed via the validPath function of server.js, making it susceptible to directory traversa...
@anfo/difftool (>=0.0.1 <=0.0.11), @bdefore/nivo-patterned-radial-arc (=0.79.1) +134 more potentially affected by CVE-2023-26152 via static-server (>=2.0.0 <=3.0.0)
static-server NPM version =2.0.0, =0.0.1, =0.0.1, =2.0.0, =0.1.21, =0.5.0, =0.0.1, =2.59.1-alpha.1, =1.1.0, =3.0.3, =0.1.10, =1.0.0, =1.0.2 and more Source cves: CVE-2023-26152 Source advisory: SNYK:JS-STATICSERVER-5722341...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. PoC 1 Make sure you have a public/ directory with files in it. 2 Make sure you have a public-isprivate directory with files in it. 3...
serve-lite cross-site scripting vulnerability
serve-lite is a lightweight http server for static file-based web development. A security vulnerability exists in serve-lite that stems from presenting file listings without cleaning or escaping them when a request for a directory is received...
Directory Traversal
easy-static-server is vulnerable to directory traversal. The vulnerability exists in the easyServer function of index.js due to missing input sanitization which allows an attacker to access files and directories that are stored outside the intended folder via req.url...
CVE-2022-25931 Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25931
CVE-2022-25931 affects all versions of the npm package easy-static-server. The root cause is missing input sanitization and the use of sandboxes around req.url in the easyServer function (index.js), enabling a Directory Traversal attack to access files/directories outside the intended folder. Doc...
GHSA-WCWM-C3MR-PXCR easy-static-server vulnerable to Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
easy-static-server vulnerable to Directory Traversal
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
CVE-2022-25931
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code...
easy-static-server path traversal vulnerability
npm easy-static-server is a simple static file server from the US company npm. A security vulnerability exists in easy-static-server, which stems from a lack of input cleanup and vulnerability to directory traversal attacks...
cobalt-bin (>=0.7.4 <=0.17.5), hyper-static-server (>=0.1.1 <=0.5.1) +10 more potentially affected by unknown CVE via sass-rs (=0.2.2)
sass-rs CARGO version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on sass-rs and may be impacted: - cobalt-bin =0.7.4, =0.1.1, =0.1.6, =0.1.0, =0.1.0, =0.1.2, =0.1.1-alpha1, =0.7.0, =0.1.0, =0.1.2, =0.1.8 Source cves: unknown CVE Source advisor...
GHSA-QJFH-XC44-RM9X Path Traversal in file-static-server
All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation No fix is currently available. Consider using an alternative module until a fix is mad...
Path Traversal in file-static-server
All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation No fix is currently available. Consider using an alternative module until a fix is mad...
Directory Traversal
static-server-gx is vulnerable to directory traversal. The vulnerability exists as it does not validate the file path for input such as ../, allowing the escape from the target root directory...
statichttpserver Path Traversal Vulnerability
statichttpserver is a static file server. A path traversal vulnerability exists in statichttpserver version 0.9.7 and earlier, which can be exploited by an attacker to access locations outside of a restricted directory...