CVE-2023-26126 Vulnerability in npm package m.static

Description

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Remediation

References

https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998

https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Related Vulnerabilities

CVE-2021-23784 Vulnerability in npm package tempura

CVE-2022-23487 Vulnerability in npm package libp2p

CVE-2021-21351 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2023-24188 Vulnerability in maven package com.bstek.ureport:ureport2-core

CVE-2020-28501 Vulnerability in npm package es6-crawler-detect

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N