Описание
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-static | unfixed | package | ||
| node-static | no-dsa | trixie | package | |
| node-static | no-dsa | bookworm | package | |
| node-static | no-dsa | bullseye | package |
EPSS
Связанные уязвимости
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
@nubosoftware/node-static failure to catch exception can result in server crash
EPSS