High severity7.5NVD Advisory· Published Oct 3, 2023· Updated Jun 17, 2026
CVE-2023-26152
CVE-2023-26152
Description
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
static-servernpm | <= 2.2.1 | — |
Affected products
2- static-server/static-serverdescription
Patches
Vulnerability mechanics
References
6- gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346dnvdExploitThird Party AdvisoryWEB
- security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-v834-rhv4-65m3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-26152ghsaADVISORY
- github.com/nbluis/static-server/blob/master/server.jsghsaWEB
- github.com/nbluis/static-server/blob/master/server.js%23L218-L223nvdProduct
News mentions
0No linked articles in our index yet.