An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
6.1CVSS
5.9AI Score
0.001EPSS
A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.
7.5CVSS
7.4AI Score
0.004EPSS