Description
A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.
Remediation
References
https://hackerone.com/reports/695416
Related Vulnerabilities
CVE-2019-1010091 Vulnerability in npm package tinymce
CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib
CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server
CVE-2020-7629 Vulnerability in npm package install-package
CVE-2020-13697 Vulnerability in maven package org.nanohttpd:nanohttpd-nanolets