node-static is vulnerable to Directory Traversal. The vulnerability exists due to the servePath
function in node-static.js
, which allows a remote attacker to access restricted data outside the intended directory due to improper file path sanitization.