GHSA-j27j-4w6m-8fc4

Source
https://github.com/advisories/GHSA-j27j-4w6m-8fc4
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-j27j-4w6m-8fc4/GHSA-j27j-4w6m-8fc4.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-j27j-4w6m-8fc4
Aliases
  • CVE-2019-15596
Published
2020-03-31T17:02:12Z
Modified
2023-11-08T04:01:14.525767Z
Summary
Path Traversal in statics-server
Details

All versions of statics-server are vulnerable to Path Traversal. The package fails to limit access to files outside of the served folder through symlinks.

Recommendation

No fix is currently available. Do not use statics-server in production or consider using an alternative module until a fix is made available.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-31T15:38:57Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}

Affected packages

npm / statics-server

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.0.9

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-j27j-4w6m-8fc4/GHSA-j27j-4w6m-8fc4.json"