GHSA-vcxh-qvgr-9fw9

Source

https://github.com/advisories/GHSA-vcxh-qvgr-9fw9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json

Aliases

CVE-2023-26126

Published

2023-05-10T06:30:27Z

Modified

2023-11-08T04:11:59.006425Z

Details

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-26126
https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998
https://github.com/ivoputzer/m.static
https://github.com/ivoputzer/m.static/blob/master/index.js#L19
https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Affected packages

npm / m.static

Package

Name: m.static

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Last affected

2.2.0