CVE-2023-26111

node-static and @nubosoftware/node-static vulnerable to Directory Traversal in npm/@nubosoftware/node-static

Identifiers

CVE-2023-26111, GHSA-5g97-whc9-8g7j

Package Slug

npm/@nubosoftware/node-static

Vulnerability

node-static and @nubosoftware/node-static vulnerable to Directory Traversal

Description

All versions of the package @nubosoftware/node-static; all versions of the package node-static is vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.

Affected Versions

All versions up to 0.7.11

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-03-08

source