CVE-2023-26126 Vulnerability in npm package m.static

Description

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Remediation

References

https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998

https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Related Vulnerabilities

CVE-2018-19838 Vulnerability in npm package node-sass

CVE-2023-7148 Vulnerability in maven package ml.shifu:shifu

CVE-2017-16102 Vulnerability in npm package serverhuwenhui

CVE-2021-21661 Vulnerability in maven package org.jenkins-ci.plugins:kubernetes-cli

CVE-2022-31160 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N