server-static

vulnerability directory traversal
severity 7.5
language javascript
registry npm

Overview

server-static is a static file server, this package is vulnerable to Directory Traversal, which may allow access to sensitive files and data on the server.

For example, requesting the following URL: /../../etc/passwd would result in /etc/passwd leaking.

References