VYPR

Stattic Node Module

by Hackerone

CVEs (6)

  • CVE-2018-3730 (High), Jun 7, 2018
    risk 0.49, cvss 7.5, epss 0.02

    mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.

  • CVE-2017-16152 (High), Jun 7, 2018
    risk 0.49, cvss 7.5, epss 0.02

    static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2017-16134 (High), Jun 7, 2018
    risk 0.49, cvss 7.5, epss 0.02

    http_static_simple is an http server. http_static_simple is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

  • CVE-2018-3734 (High), May 29, 2018
    risk 0.49, cvss 7.5, epss 0.02

    stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path.

  • CVE-2015-9242 (High), May 29, 2018
    risk 0.42, cvss 7.5, epss 0.02

    Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header.

  • CVE-2017-16226 (Critical), Jun 7, 2018
    risk 0.00, cvss 9.8, epss 0.04

    The static-eval module is intended to evaluate statically-analyzable expressions. In affected versions, untrusted user input is able to access the global function constructor, effectively allowing arbitrary code execution.