CVE-2017-16224
The CVE-2017-16224 entry concerns the Node.js module st, which serves static files. A crafted request can trigger an HTTP 301 redirect to an entirely different domain. This requires st to be serving from the server root (/) rather than a subdirectory (e.g., /static/). The redirect URL ends with U...