28 matches found
EUVD-2020-0348
Malware in sbrugna...
EUVD-2022-2146
Malicious code in bioql PyPI...
CVE-2019-15596
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory...
statics-server Cross-site Scripting vulnerability
An XSS in statics-server element without escaping, which allows to embed HTML tag with src attribute points to another HTML file in the directory. This file can contain malicious JavaScript code, which will be executed: // ./node_modules/statics-server/index.js, line 18:...
GHSA-393X-FR59-R8FG statics-server Cross-site Scripting vulnerability
An XSS in statics-server element without escaping, which allows to embed HTML tag with src attribute points to another HTML file in the directory. This file can contain malicious JavaScript code, which will be executed: // ./node_modules/statics-server/index.js, line 18:...
GHSA-J27J-4W6M-8FC4 Path Traversal in statics-server
All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks. Recommendation: No fix is currently available. Do not use statics-server in production or consider using an alternative module until a fix is...
Path Traversal in statics-server
All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks. Recommendation: No fix is currently available. Do not use statics-server in production or consider using an alternative module until a fix is...
statics-server path traversal vulnerability
statics-server is a server for collecting information about Joomla installation environment. A path traversal vulnerability exists in statics-server. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a resource or file. An...
CVE-2019-15596
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory...
CVE-2019-15596
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory...
Path traversal
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory...
CVE-2019-15596
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory...
Path Traversal
Overview: All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks. Recommendation: No fix is currently available. Do not use statics-server in production or consider using an alternative module until a...
Directory Traversal
statics-server is vulnerable to directory traversal. The attack is possible using a symlink inside the project directory, allowing an attacker to read arbitrary files on the server...
Node.js third-party modules: Path traversal using symlink
I would like to report Path Traversal in statics-server Module module name: statics-server version: 0.0.9 npm page: https://www.npmjs.com/package/statics-server Module Description npm install statics-server -g Go to the folder you want to statics-server Run the server statics-server Module Stats...
GHSA-74CP-QW7F-7HPW Path Traversal in statics-server
All versions of statics-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Path Traversal in statics-server
All versions of statics-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Directory Traversal
statics-server is vulnerable to directory traversal attacks. The vulnerability exists as the value of staticPath is not sanitized, allowing any file on the server to be read...
Path Traversal
Overview: All versions of statics-server are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available. References...
statics-server cross-site scripting vulnerability
statics-server is a static file server. A cross-site scripting vulnerability exists in statics-server 0.0.9 and earlier versions. A remote attacker can exploit this vulnerability by injecting an iframe into a file name to execute arbitrary JavaScript code...