Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12Y3hoLXF2Z3ItOWZ3Oc4AAzNm
m.static Directory Traversal vulnerability
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
Permalink: https://github.com/advisories/GHSA-vcxh-qvgr-9fw9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Y3hoLXF2Z3ItOWZ3Oc4AAzNm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 1 year ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-vcxh-qvgr-9fw9, CVE-2023-26126
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-26126
- https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998
- https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915
- https://github.com/ivoputzer/m.static/blob/master/index.js#L19
- https://github.com/advisories/GHSA-vcxh-qvgr-9fw9
Blast Radius: 0.0
Affected Packages
npm:m.static
Dependent packages: 2
Dependent repositories: 1
Downloads: 24 last month
Affected Version Ranges: <= 2.2.0
No known fixed version
All affected versions: 1.1.0, 1.2.0, 1.3.0, 2.0.0, 2.0.1, 2.1.0, 2.2.0