Shodan
Vulnerability Details CVE-2023-26152
All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.
Exploit prediction scoring system (EPSS) score
EPSS Score: 0.008
EPSS Ranking: 72.5%
CVSS Severity
CVSS v3 Score: 7.5
References
https://gist.github.com/lirantal/1f7021703a2065ecaf9ec9e06a3a346d
https://github.com/nbluis/static-server/blob/master/server.js%23L218-L223
https://security.snyk.io/vuln/SNYK-JS-STATICSERVER-5722341
Products affected by CVE-2023-26152
Nbluis » Static-Server » Version: 1.0.0 (cpe:2.3:a:nbluis:static-server:1.0.0)
Nbluis » Static-Server » Version: 1.0.1 (cpe:2.3:a:nbluis:static-server:1.0.1)
Nbluis » Static-Server » Version: 1.0.2 (cpe:2.3:a:nbluis:static-server:1.0.2)
Nbluis » Static-Server » Version: 2.0.0 (cpe:2.3:a:nbluis:static-server:2.0.0)
Nbluis » Static-Server » Version: 2.0.1 (cpe:2.3:a:nbluis:static-server:2.0.1)
Nbluis » Static-Server » Version: 2.0.2 (cpe:2.3:a:nbluis:static-server:2.0.2)
Nbluis » Static-Server » Version: 2.0.3 (cpe:2.3:a:nbluis:static-server:2.0.3)
Nbluis » Static-Server » Version: 2.0.4 (cpe:2.3:a:nbluis:static-server:2.0.4)
Nbluis » Static-Server » Version: 2.0.5 (cpe:2.3:a:nbluis:static-server:2.0.5)
Nbluis » Static-Server » Version: 2.0.6 (cpe:2.3:a:nbluis:static-server:2.0.6)
Nbluis » Static-Server » Version: 2.1.0 (cpe:2.3:a:nbluis:static-server:2.1.0)
Nbluis » Static-Server » Version: 2.2.0 (cpe:2.3:a:nbluis:static-server:2.2.0)
Nbluis » Static-Server » Version: 2.2.1 (cpe:2.3:a:nbluis:static-server:2.2.1)
Nbluis » Static-Server » Version: 3.0.0 (cpe:2.3:a:nbluis:static-server:3.0.0)