Description
Path Traversal in statics-server
All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks.
Recommendation
No fix is currently available. Do not use statics-server in production or consider using an alternative module until a fix is made available.
Packages
Name: statics-server (npm)
Affected versions: <= 0.0.9
Fixed version: None
Related vulnerabilities
CVSS3: 7.5
nvd
about 6 years ago
A path traversal in statics-server exists in all versions that allows an attacker to perform a path traversal when a symlink is used within the working directory.
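The symlink case described above, as an added example that is not statics-server's code: a purely lexical containment check accepts a link that lives inside the served folder, while a check on the canonical (`realpath`) location rejects it. The function names and the temporary fixture layout are assumptions made for illustration.

```javascript
// Added example (not statics-server code): symlink-aware containment check.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Lexical check only: normalizes "../" but never looks at the filesystem,
// so a symlink inside the root that points elsewhere passes.
function resolveLexical(root, urlPath) {
  const candidate = path.resolve(root, '.' + path.sep + urlPath);
  const inside = candidate === root || candidate.startsWith(root + path.sep);
  return inside ? candidate : null;
}

// Symlink-aware check: canonicalize both root and target with realpath,
// then require the real target to stay under the real root.
function resolveReal(root, urlPath) {
  const lexical = resolveLexical(root, urlPath);
  if (lexical === null) return null;
  let realRoot, realTarget;
  try {
    realRoot = fs.realpathSync(root);
    realTarget = fs.realpathSync(lexical);
  } catch {
    return null; // missing file or dangling link: nothing to serve
  }
  const inside =
    realTarget === realRoot || realTarget.startsWith(realRoot + path.sep);
  return inside ? realTarget : null;
}

// Constructed fixture: a served folder with one regular file and one
// symlink to a file that lives outside the served folder.
function buildFixture() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const root = path.join(base, 'public');
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, 'index.html'), 'hello');
  fs.writeFileSync(path.join(base, 'outside.txt'), 'not for serving');
  fs.symlinkSync(path.join(base, 'outside.txt'), path.join(root, 'link.txt'));
  return { base, root };
}
```

The check and the later file open are separate steps, so open the returned real path rather than the requested one; a link swapped in between the two steps remains a race this check does not close.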