Description
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539
https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27
Related Vulnerabilities
CVE-2019-14653 Vulnerability in npm package editor.md
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2022-25312 Vulnerability in maven package org.apache.any23:apache-any23
CVE-2021-28092 Vulnerability in maven package org.webjars:is-svg