Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03ZnhtLWM4NDgtODlxOM4AAwEt
static-dev-server vulnerable to path traversal
A path traversal vulnerability affects all versions of the package static-dev-server. The cause is that user-supplied paths are joined to the root directory, and the assets for the accessed path are resolved relative to that root directory. There is currently no known workaround or fix for this issue.
Permalink: https://github.com/advisories/GHSA-7fxm-c848-89q8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03ZnhtLWM4NDgtODlxOM4AAwEt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-7fxm-c848-89q8, CVE-2022-25848
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25848
- https://gist.github.com/lirantal/5550bcd0bdf92c1b56fbb20e141fe5bd
- https://security.snyk.io/vuln/SNYK-JS-STATICDEVSERVER-3149917
- https://github.com/advisories/GHSA-7fxm-c848-89q8
Affected Packages
npm:static-dev-server
Dependent packages: 0
Dependent repositories: 1
Downloads: 4 last month
Affected Version Ranges: = 1.0.0
No known fixed version
All affected versions: 1.0.0