CNVD (China National Vulnerability Database): CNVD-2022-85490
History: Dec 01, 2022 - 12:00 a.m.

static-dev-server directory traversal vulnerability

2022-12-01 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
7
static-dev-server
http server
directory traversal
validity checking
file system
web requests
vulnerability
npm
cnvd

EPSS

0.002

Percentile

57.4%

static-dev-server is a simple HTTP server that serves static resource files from local directories and automatically reloads them when they change. All versions of the npm package static-dev-server suffer from a directory traversal vulnerability. It stems from a lack of validity checking of paths when handling directory requests, and attackers can exploit it to retrieve arbitrary files from the underlying file system via specially crafted web requests.
