GHSA-7fxm-c848-89q8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7fxm-c848-89q8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-7fxm-c848-89q8/GHSA-7fxm-c848-89q8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7fxm-c848-89q8
- Aliases
-
- CVE-2022-25848
- Published
- 2022-11-29T18:30:18Z
- Modified
- 2023-11-08T04:08:49.012572Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- static-dev-server vulnerable to path traversal
- Details
-
A path traversal vulnerability affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix for this issue.
- Database specific
{ "nvd_published_at": "2022-11-29T17:15:00Z", "cwe_ids": [ "CWE-22" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-12-02T22:21:45Z" }- References
Affected packages
npm / static-dev-server
Package
- Name
- static-dev-server
- View open source insights on deps.dev
- Purl
- pkg:npm/static-dev-server