Home > Vulnerability Database > CVE-2022-25895

Mend.io Vulnerability Database

CVE-2022-25895

Date: December 21, 2022

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.

Severity Score

7.5

Related Resources (6)

Url: https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js%23L134

Url: https://github.com/shadowwzw/lite-dev-server/blob/master/src/server.js#23L134

Url: https://github.com/shadowwzw/lite-dev-server

Url: https://gist.github.com/lirantal/0f8a48c3f5ac581ce73123abe9f7f120

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25895

Url: https://www.mend.io/vulnerability-database/CVE-2022-25895

Severity Score

7.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25895

Date: December 21, 2022

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?