Description
All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
Remediation
References
https://gist.github.com/lirantal/fdfbe26561788c8194a54bf6d31772c9
https://github.com/cunjieliu/easyServer/blob/master/index.js%23L27
https://security.snyk.io/vuln/SNYK-JS-EASYSTATICSERVER-3153539
Related Vulnerabilities
CVE-2023-49373 Vulnerability in maven package com.jfinal:jfinal
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_2.13
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2022-31367 Vulnerability in npm package @strapi/strapi
CVE-2020-14195 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind