Vulnerability Details CVE-2022-25936
Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v3 Score 7.5
References
- https://gist.github.com/lirantal/691d02d607753d54856f9335f9a1692f
- https://github.com/andrepolischuk/servst/commit/f7cae5d2d7c64c86bc512e1e50614240396ef114
- https://security.snyk.io/vuln/SNYK-JS-SERVST-3244896
- https://gist.github.com/lirantal/691d02d607753d54856f9335f9a1692f
- https://github.com/andrepolischuk/servst/commit/f7cae5d2d7c64c86bc512e1e50614240396ef114
- https://security.snyk.io/vuln/SNYK-JS-SERVST-3244896
Products affected by CVE-2022-25936
-
cpe:2.3:a:servst_project:servst:-
-
cpe:2.3:a:servst_project:servst:1.0.0
-
cpe:2.3:a:servst_project:servst:1.0.1
-
cpe:2.3:a:servst_project:servst:1.1.0
-
cpe:2.3:a:servst_project:servst:1.2.0
-
cpe:2.3:a:servst_project:servst:1.2.1
-
cpe:2.3:a:servst_project:servst:1.2.2
-
cpe:2.3:a:servst_project:servst:1.2.3
-
cpe:2.3:a:servst_project:servst:1.2.4
-
cpe:2.3:a:servst_project:servst:2.0.0
-
cpe:2.3:a:servst_project:servst:2.0.1
-
cpe:2.3:a:servst_project:servst:2.0.2