Security
Headlines

Headlines Latest CVEs

Headline

GHSA-7fxm-c848-89q8: static-dev-server vulnerable to path traversal

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix for this issue.

2 years ago

static-dev-server vulnerable to path traversal

High severity GitHub Reviewed Published Nov 29, 2022 • Updated Dec 2, 2022

Related news

CVE-2022-25848: Snyk Vulnerability Database | Snyk

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.

2 years ago

#vulnerability #nodejs

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

18 hours ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

19 hours ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

19 hours ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

21 hours ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

21 hours ago