Insecure Path Joining in static-dev-server

Insecure Path Joining in static-dev-server

CVE-2022-25848 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.

Learn more about our Cis Benchmark Audit For Server Software.