CVE-2019-5480
CVE-2019-5480 applies to statichttpserver (npm) up to version 0.9.7. The vulnerability is a path traversal flaw where the server builds a file path from the URL (e.g., using ../), allowing an attacker to list files outside the web root. Public disclosures (GitHub advisory, OSV, Red Hat) confirm t...