CVE-2022-25931

All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Configurations

Configuration 1 (hide)

cpe:2.3:a:easy-static-server_project:easy-static-server:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 06:53

Type Values Removed Values Added
References () https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9 - Exploit, Third Party Advisory () https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9 - Exploit, Third Party Advisory
References () https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27 - Broken Link, Third Party Advisory () https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27 - Broken Link, Third Party Advisory
References () https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539 - Exploit, Third Party Advisory () https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539 - Exploit, Third Party Advisory

Information

Published : 2022-12-20 05:15

Updated : 2024-11-21 06:53


NVD link : CVE-2022-25931

Mitre link : CVE-2022-25931

CVE.ORG link : CVE-2022-25931


JSON object : View

Products Affected

easy-static-server_project

  • easy-static-server
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')