CVE-2023-26126 – m.static

Package

Manager: npm
Name: m.static
Vulnerable Version: >=0 <=2.2.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0027 pctl0.50154

Details

m.static Directory Traversal vulnerability All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Metadata

Created: 2023-05-10T06:30:27Z
Modified: 2023-05-17T12:59:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-vcxh-qvgr-9fw9/GHSA-vcxh-qvgr-9fw9.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-vcxh-qvgr-9fw9
Finding: F063
Auto approve: 1