Description
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
Remediation
References
https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915
https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998
Related Vulnerabilities
CVE-2022-36912 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat
CVE-2018-3757 Vulnerability in npm package pdf-image
CVE-2021-21422 Vulnerability in npm package mongo-express
CVE-2021-33611 Vulnerability in maven package org.webjars.bowergithub.vaadin:vaadin-menu-bar
CVE-2023-22899 Vulnerability in maven package net.lingala.zip4j:zip4j