static-dev-server is vulnerable to directory traversal. The vulnerability is due when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory which allows an attacker to gain access to the restricted file directories and perform unauthorized actions.