CVE-2022-25931

Опубликовано: 20 дек. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.

Ссылки

https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9
Exploit
Third Party Advisory
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27
Broken Link
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539
Exploit
Third Party Advisory
https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9
Exploit
Third Party Advisory
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27
Broken Link
Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:easy-static-server_project:easy-static-server:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 81%

0.01475

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-wcwm-c3mr-pxcr