GHSA-vcxh-qvgr-9fw9

Suggest an improvement
Source
https://github.com/advisories/GHSA-vcxh-qvgr-9fw9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vcxh-qvgr-9fw9
Aliases
  • CVE-2023-26126
Published
2023-05-10T06:30:27Z
Modified
2023-11-08T04:11:59.006425Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
m.static Directory Traversal vulnerability
Details

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Database specific 
{
    "github_reviewed_at": "2023-05-11T20:39:15Z",
    "github_reviewed": true,
    "nvd_published_at": "2023-05-10T05:15:08Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "severity": "HIGH"
}
References

Affected packages

npm / m.static

Package

Name
m.static
View open source insights on deps.dev
Purl
pkg:npm/m.static

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.2.0