CVE-2022-25895

Опубликовано: 21 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.

Ссылки

https://gist.github.com/lirantal/0f8a48c3f5ac581ce73123abe9f7f120
Exploit
Third Party Advisory
https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js%23L134
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEDEVSERVER-3153718
Exploit
Third Party Advisory
https://gist.github.com/lirantal/0f8a48c3f5ac581ce73123abe9f7f120
Exploit
Third Party Advisory
https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js%23L134
Broken Link
https://security.snyk.io/vuln/SNYK-JS-LITEDEVSERVER-3153718
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lite-dev-server_project:lite-dev-server:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01448

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-pppv-ch8p-rp2w