EPSS Percentile: 75.2%
mcstatic is vulnerable to directory traversal attacks. The file name taken from req.url is not sanitized, which allows malicious users to request paths that traverse outside the served directory.
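The missing check, as an added example that is not mcstatic's code: an unsanitized join of the req.url path onto the document root, next to a resolver that rejects any result outside the root. The names WEB_ROOT, decodedPath, naiveResolve and safeResolve and the sample URLs are assumptions made for illustration.

```javascript
// Added example; all names and sample values here are hypothetical.
const path = require('path').posix; // POSIX semantics so results match on any host

const WEB_ROOT = '/srv/www'; // assumed document root

// Strip query string and fragment, then percent-decode the path part of req.url.
function decodedPath(reqUrl) {
  const raw = reqUrl.split('?')[0].split('#')[0];
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return null; // malformed escape such as "%zz"
  }
}

// Unsanitized pattern: the decoded path is joined straight onto the root,
// so ".." segments are normalized away and can climb above it.
function naiveResolve(root, reqUrl) {
  return path.join(root, decodedPath(reqUrl) || '');
}

// Hardened pattern: resolve first, then require the result to stay under root.
function safeResolve(root, reqUrl) {
  const decoded = decodedPath(reqUrl);
  if (decoded === null || decoded.includes('\0')) return null;
  const base = path.resolve(root);
  const target = path.resolve(base, './' + decoded);
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('../') || path.isAbsolute(rel)) return null;
  return target; // caller serves this file, or answers 403/404 on null
}

// Constructed sample requests.
const samples = ['/css/site.css?v=2', '/a/../index.html',
                 '/../../etc/passwd', '/..%2f..%2fetc/passwd', '/%zz'];
for (const url of samples) {
  console.log(url, '| naive:', naiveResolve(WEB_ROOT, url),
              '| safe:', safeResolve(WEB_ROOT, url));
}
```

The containment test runs after decoding and normalization, so encoded separators such as %2f are covered by the same check as literal ones.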
github.com/tjchaplin/mcstatic/blob/master/lib/responseHandlers.js#L22-L35
hackerone.com/bl4de
hackerone.com/reports/312907