GHSA-vcxh-qvgr-9fw9

Suggest an improvement
Source
https://github.com/advisories/GHSA-vcxh-qvgr-9fw9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vcxh-qvgr-9fw9
Aliases
  • CVE-2023-26126
Published
2023-05-10T06:30:27Z
Modified
2023-11-08T04:11:59.006425Z
Severity
  • CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
m.static Directory Traversal vulnerability
Details

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

References

Affected packages

npm / m.static

Package

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Last affected
2.2.0