docpress (>=0.1.0 <=0.5.5), metalsmith-start (>=0.6.0 <=1.3.4) +1 more potentially affected by CVE-2021-3189 via slashify (>=0.1.0 <=1.0.0)

slashify NPM version =0.1.0, =0.1.0, =0.6.0, =0.13.3, =1.2.3 Source cves: CVE-2021-3189 Source advisory: OSV:GHSA-F4HQ-453J-P95F...

Directory Traversal

superstatic is vulnerable to directory traversal. Lack of validation in the file path allows a user to access to system files through the path name using the ../ characters...

GHSA-WM77-Q74P-5763 Path Traversal in superstatic

Affected of superstatic are vulnerable to path traversal when used on Windows. Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \ to / in paths on all platforms a known example being Node.js v9.9.0...

@askelephant/firebase-tools (>=15.4.0 <=15.5.1), @erosolarcoder/erosolar-coder (>=1.0.87 <=1.0.93) +33 more potentially affected by unknown CVE via superstatic (>=0.4.11 <=5.0.1)

superstatic NPM version =0.4.11, =15.4.0, =1.0.87, =2.0.0, =0.3.0, =1.0.0-alpha.0, =0.1.1, =0.1.3, =1.0.0, =0.0.1, =2.0.0, =2.4.0 - @uniqueminds/firebase-tools =14.27.0 - @xanderia/xata =0.2.0 - angular-cli-firebase-hosting =0.1.0 - artificialintelligenceiseven =2.0.0 - claude-project =5.2.0 and...

Path Traversal in superstatic

Affected of superstatic are vulnerable to path traversal when used on Windows. Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \ to / in paths on all platforms a known example being Node.js v9.9.0...

Path Traversal

Overview All versions of superstatic are vulnerable to path traversal when used on Windows. Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \ to / in paths on all platforms a known example being Node.js v9.9.0...

Directory Traversal

superstatic is vulnerable to directory traversal. The attack exists because it does not check the decoded path has..\ which allow traversal to parent directories in Windows...

Node.js third-party modules: `superstatic` is vulnerable to path traversal on Windows

I would like to report path traversal vulnerability in superstatic It allows to read arbitrary out-of-dir files when running on the Windows platform Module module name: superstatic version: 5.0.1 npm page: https://www.npmjs.com/package/superstatic Module Description Superstatic is an enhanced...