GHSA-vcxh-qvgr-9fw9

Source

https://github.com/advisories/GHSA-vcxh-qvgr-9fw9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-vcxh-qvgr-9fw9

Aliases

CVE-2023-26126

Published

2023-05-10T06:30:27Z

Modified

2025-09-26T21:42:21Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

m.static Directory Traversal vulnerability

Details

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Database specific

{
    "nvd_published_at": "2023-05-10T05:15:08Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2023-05-11T20:39:15Z",
    "github_reviewed": true
}

References

Affected packages

npm / m.static

Package

Name: m.static; View open source insights on deps.dev
Purl: pkg:npm/m.static

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.2.0