We found results for “”
WS-2018-0116
Good to know:
Date: February 28, 2018
"All versions of superstatic are vulnerable to path traversal when used on Windows.Additionally, it is vulnerable to path traversal on other platforms combined with certain Node.js versions which erroneously normalize \\\\ to / in paths on all platforms (a known example being Node.js v9.9.0)."
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Path Traversal
CWE-22Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |