Insecure Path Joining in static-dev-server
CVE-2022-25848 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.
Learn more about our Cis Benchmark Audit For Server Software.