CVE-2023-26152

Опубликовано: 03 окт. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.

Ссылки

https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d
Exploit
Third Party Advisory
https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223
Product
https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341
Exploit
Third Party Advisory
https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d
Exploit
Third Party Advisory
https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223
Product
https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nbluis:static-server:*:*:*:*:*:node.js:*:*

Версия до 3.0.0 (включая)

EPSS

Процентиль: 73%

0.00766

Низкий

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-v834-rhv4-65m3