Description
A path traversal vulnerability exists in all versions of statics-server. It allows an attacker to perform a path traversal when a symlink is used within the working directory.
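The symlink case described above is one that a purely lexical path check does not catch. The following is an added Node.js example, not statics-server code; the function names and the temporary fixture are hypothetical and constructed for the demonstration. It compares a string-prefix check with a check that resolves symlinks first.

```javascript
// Added illustration; not statics-server code. All names are hypothetical.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Lexical check only: normalises "../" but never looks at the filesystem,
// so a symlink inside the root passes even when its target is outside it.
function lexicalCheck(root, requestPath) {
  const candidate = path.resolve(root, '.' + path.sep + requestPath);
  return candidate === root || candidate.startsWith(root + path.sep);
}

// Symlink-aware check: resolve both paths with realpath, then compare.
function realpathCheck(root, requestPath) {
  const candidate = path.resolve(root, '.' + path.sep + requestPath);
  let realRoot, realCandidate;
  try {
    realRoot = fs.realpathSync(root);
    realCandidate = fs.realpathSync(candidate);
  } catch (err) {
    return false; // missing file or dangling link: refuse to serve
  }
  return realCandidate === realRoot ||
    realCandidate.startsWith(realRoot + path.sep);
}

// Constructed fixture: a web root holding one regular file and one symlink
// whose target lives outside the root.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'symlink-demo-'));
  const root = path.join(base, 'public');
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, 'index.html'), 'ok');
  fs.writeFileSync(path.join(base, 'outside.txt'), 'not for serving');
  fs.symlinkSync(path.join(base, 'outside.txt'), path.join(root, 'link.txt'));
  const result = {
    lexicalLink: lexicalCheck(root, 'link.txt'),       // passes the weak check
    realLink: realpathCheck(root, 'link.txt'),         // rejected
    realIndex: realpathCheck(root, 'index.html'),      // regular file allowed
    realDotDot: realpathCheck(root, '../outside.txt'), // classic "../" rejected
  };
  fs.rmSync(base, { recursive: true, force: true });
  return result;
}
```

The check and the later file open are separate steps, so a server using this approach should open the path that `realpathSync` returned rather than the path as requested.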
Remediation
References
https://hackerone.com/reports/695416
Related Vulnerabilities
CVE-2020-11002 Vulnerability in maven package io.dropwizard:dropwizard-validation
CVE-2020-28469 Vulnerability in maven package org.webjars.bowergithub.es128:glob-parent
CVE-2022-31151 Vulnerability in npm package undici
CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie
CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp