Описание
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-serve-static | fixed | 2.1.0+~1.15.7-1 | package | |
| node-serve-static | no-dsa | bookworm | package | |
| node-serve-static | postponed | bullseye | package |
Примечания
https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p
https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b (1.16.0)
https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa (2.1.0)
EPSS
Связанные уязвимости
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
serve-static affected by template injection that can lead to XSS
serve-static vulnerable to template injection that can lead to XSS
EPSS