Описание
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
EPSS
Процентиль: 17%
0.00054
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
CWE-400
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 1 месяца назад
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
CVSS3: 7.5
debian
около 1 месяца назад
This affects all versions of the package node-static; all versions of ...
CVSS3: 7.5
github
около 1 месяца назад
@nubosoftware/node-static failure to catch exception can result in server crash
EPSS
Процентиль: 17%
0.00054
Низкий
7.5 High
CVSS3
Дефекты
CWE-400
CWE-400