@nubosoftware/node-static@0.7.11 vulnerabilities

simple, compliant file streaming module for node

Direct Vulnerabilities

Known vulnerabilities in the @nubosoftware/node-static package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Directory Traversal

@nubosoftware/node-static is a simple, compliant file streaming module for node

Affected versions of this package are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.

How to fix Directory Traversal?

There is no fixed version for @nubosoftware/node-static.

*
  • H
Denial of Service (DoS)

@nubosoftware/node-static is a simple, compliant file streaming module for node

Affected versions of this package are vulnerable to Denial of Service (DoS). The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.

How to fix Denial of Service (DoS)?

A fix was pushed into the master branch but not yet published.

*