CVE-2023-26126 Vulnerability in npm package m.static

Description

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Remediation

References

https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998

https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Related Vulnerabilities

CVE-2021-23807 Vulnerability in npm package jsonpointer

CVE-2022-29078 Vulnerability in maven package org.webjars.npm:ejs

CVE-2020-16040 Vulnerability in npm package electron

CVE-2020-15366 Vulnerability in npm package ajv

CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N