VYPR

npm package

st

pkg:npm/st

Vulnerabilities (2)

  • CVE-2017-16224 | Med | Jun 7, 2018
    affected < 1.2.2 | fixed 1.2.2

    st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most bro

  • CVE-2014-3744 | Hig | Oct 23, 2017
    affected < 0.2.5 | fixed 0.2.5

    Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.