Headline
GHSA-5g97-whc9-8g7j: node-static and @nubosoftware/node-static vulnerable to Directory Traversal
node-static and the fork @nubosoftware/node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
High severity GitHub Reviewed Published Mar 6, 2023 to the GitHub Advisory Database • Updated Mar 7, 2023
Related news
CVE-2023-26111
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.