m.static is vulnerable to Path Traversal. The vulnerability exists due to the improper path sanitization in the requestFile
parameter in the requestListener
function of index.js
, which allows an attacker to access files outside the expected directory through relative paths.