CVE-2023-26126 Vulnerability in npm package m.static

Description

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Remediation

References

https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998

https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Related Vulnerabilities

CVE-2021-21479 Vulnerability in maven package com.sap.scimono:scimono-server

CVE-2020-12265 Vulnerability in maven package org.webjars.npm:decompress-tar

CVE-2021-21254 Vulnerability in npm package @ckeditor/ckeditor5-markdown-gfm

CVE-2022-23458 Vulnerability in npm package tui-grid

CVE-2022-25898 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N