npm package
statics-server
pkg:npm/statics-server
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15596 | — | <= 0.0.9 | — | Dec 18, 2019 | A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory. | ||
| CVE-2018-3771 | — | <= 0.0.9 | — | Jul 20, 2018 | An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser. |
- CVE-2019-15596Dec 18, 2019affected <= 0.0.9
A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.
- CVE-2018-3771Jul 20, 2018affected <= 0.0.9
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.