All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
References
Link | Resource |
---|---|
https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9 | Exploit Third Party Advisory |
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27 | Broken Link Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539 | Exploit Third Party Advisory |
https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9 | Exploit Third Party Advisory |
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27 | Broken Link Third Party Advisory |
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9 - Exploit, Third Party Advisory | |
References | () https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27 - Broken Link, Third Party Advisory | |
References | () https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539 - Exploit, Third Party Advisory |
Information
Published : 2022-12-20 05:15
Updated : 2024-11-21 06:53
NVD link : CVE-2022-25931
Mitre link : CVE-2022-25931
CVE.ORG link : CVE-2022-25931
JSON object : View
Products Affected
easy-static-server_project
- easy-static-server
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')