CVE-2022-25895

Summary

All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.

Affected Software

VendorProductVersion RangeStatus
n/alite-dev-server0 < unspecifiedaffected

Weaknesses

  • Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References