This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
References
Link | Resource |
---|---|
https://gist.github.com/lirantal/5550bcd0bdf92c1b56fbb20e141fe5bd | Exploit Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-STATICDEVSERVER-3149917 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-11-29 17:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-25848
Mitre link : CVE-2022-25848
CVE.ORG link : CVE-2022-25848
JSON object : View
Products Affected
static-dev-server_project
- static-dev-server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')