Path Traversal in file-static-server

All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

References

Reviewed Aug 31, 2020

Published to the GitHub Advisory Database Sep 3, 2020

Last updated Jan 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

Recommendation

References

Severity

EPSS score

Weaknesses

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE ID

GHSA ID

Source code

Uh oh!