Vulnerability Details CVE-2021-23430
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/xudafeng/startserver/blob/bef0c4e4d21da42a40ce87cf25fd54ac8d8cb2d8/lib/index.js%23L71
- https://snyk.io/vuln/SNYK-JS-STARTSERVER-1296388
- https://github.com/xudafeng/startserver/blob/bef0c4e4d21da42a40ce87cf25fd54ac8d8cb2d8/lib/index.js%23L71
- https://snyk.io/vuln/SNYK-JS-STARTSERVER-1296388
Products affected by CVE-2021-23430
-
cpe:2.3:a:startserver_project:startserver:-
-
cpe:2.3:a:startserver_project:startserver:0.1.2
-
cpe:2.3:a:startserver_project:startserver:0.2.5
-
cpe:2.3:a:startserver_project:startserver:0.3.0
-
cpe:2.3:a:startserver_project:startserver:0.4.0
-
cpe:2.3:a:startserver_project:startserver:0.4.2
-
cpe:2.3:a:startserver_project:startserver:0.4.5
-
cpe:2.3:a:startserver_project:startserver:0.5.10
-
cpe:2.3:a:startserver_project:startserver:0.5.12
-
cpe:2.3:a:startserver_project:startserver:0.5.14
-
cpe:2.3:a:startserver_project:startserver:0.5.16
-
cpe:2.3:a:startserver_project:startserver:0.5.26
-
cpe:2.3:a:startserver_project:startserver:0.5.5
-
cpe:2.3:a:startserver_project:startserver:0.5.8
-
cpe:2.3:a:startserver_project:startserver:0.6.16
-
cpe:2.3:a:startserver_project:startserver:0.6.32
-
cpe:2.3:a:startserver_project:startserver:0.6.34
-
cpe:2.3:a:startserver_project:startserver:0.6.36
-
cpe:2.3:a:startserver_project:startserver:1.0.2
-
cpe:2.3:a:startserver_project:startserver:1.2.8
-
cpe:2.3:a:startserver_project:startserver:1.3.1