2 matches found
CVE-2025-11149
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation Mitigation for this issue is...
CVE-2025-11149
CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...