crates.io package
static-web-server
pkg:cargo/static-web-server
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27480 | — | | | >= 2.1.0, < 2.41.0 | 2.41.0 | Feb 21, 2026 | Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for |
| CVE-2025-67487 | — | | | < 2.40.1 | 2.40.1 | Dec 9, 2025 | Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links (symlinks) which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent syml |
| CVE-2024-32966 | Med | 5.8 | | < 2.30.0 | 2.30.0 | May 1, 2024 | Static Web Server (SWS) is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like `<img src=x one |