CVE-2022-25848

Summary

This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.

Affected Software

VendorProductVersion RangeStatus
n/astatic-dev-server0 < unspecifiedaffected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References