node-static@0.5.9 vulnerabilities
simple, compliant file streaming module for node
-
latest version
0.7.11
-
first published
13 years ago
-
latest version published
6 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the node-static package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
node-static is a rfc 2616 compliant HTTP static-file server module, with built-in caching. Affected versions of this package are vulnerable to Directory Traversal due to improper file path sanitization in the How to fix Directory Traversal? There is no fixed version for |
*
|
node-static is a rfc 2616 compliant HTTP static-file server module, with built-in caching. Affected versions of this package are vulnerable to Denial of Service (DoS). The package fails to catch an exception when user input includes null bytes. This allows attackers to access How to fix Denial of Service (DoS)? A fix was pushed into the |
*
|
node-static is a rfc 2616 compliant HTTP static-file server module, with built-in caching. Affected versions of this package are vulnerable to Open Redirect. The package fails to sanitize URLs and may redirect users to domains passed through the URL. The possible redirect domains are restricted to hosts whose name matches a served folder from the application. For example if the application serves the folder How to fix Open Redirect? A fix was pushed into the |
*
|