CVE-2023-26126

Summary

All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.

Affected Software

VendorProductVersion RangeStatus
n/am.static0 < *affected

Weaknesses

  • CWE-22: Directory Traversal

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References