Static Web Server vulnerable to a symbolic link path traversal
Symbolic links (symlinks) could be used to access files or directories outside the intended web root folder.
Advisories for Cargo/Static-Web-Server package
2025
2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like <img src=x onerror=alert(1)>.txt will allow JavaScript code execution in the context of the web server’s domain.