CVE-2023-26126 Vulnerability in npm package m.static

Description

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Remediation

References

https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998

https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915

Related Vulnerabilities

CVE-2023-29214 Vulnerability in maven package org.xwiki.platform:xwiki-platform-panels-ui

CVE-2021-21344 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2021-43306 Vulnerability in maven package org.webjars.bowergithub.jquery-validation:jquery-validation

CVE-2020-8203 Vulnerability in maven package org.webjars.bowergithub.lodash:lodash

CVE-2020-7701 Vulnerability in npm package madlib-object-utils

Severity

Medium

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N