Tungpun

**Name of the Vulnerable Software and Affected Versions** serve versions prior to 7.1.3 **Description** A path traversal issue allows attackers to read the content of arbitrary files on a remote server. This is due to a lack of sanitization of file paths, leading to unauthorized access of system files. **Recommendations** For versions prior to 7.1.3, upgrade to version 7.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** module public versions prior to 0.1.4 **Description** A XSS issue was found that allows malicious Javascript code to run in the browser due to the absence of sanitization of the `file/folder names` before rendering. **Recommendations** For versions prior to 0.1.4, update to version 0.1.4 or later to resolve the issue. As a temporary workaround, consider implementing proper sanitization of `file/folder names` before rendering to prevent malicious code execution.

**Name of the Vulnerable Software and Affected Versions** html-page versions prior to 2.1.1 html-pages (affected versions not specified) **Description** A Cross-Site Scripting (XSS) issue was discovered, allowing malicious JavaScript code to be executed in the user's browser due to the lack of sanitization of folder names and paths before rendering. This enables attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code. **Recommendations** For html-page versions prior to 2.1.1, consider using an alternative package until a fix is made available. For html-pages, consider using an alternative package until a fix is made available.

**Name of the Vulnerable Software and Affected Versions** mcstatic versions <=0.0.20 **Description** A server directory traversal issue allows an attack to access sensitive information in the file system by appending slashes in the URL path. **Recommendations** For mcstatic versions <=0.0.20, update to a version higher than 0.0.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** serve versions prior to 7.0.0 **Description** The issue allows information exposure through directory listings, enabling access to files even when they are set to be ignored. This occurs in versions of serve before 7.0.0, specifically bypassing the ignore security control on case-insensitive file systems. **Recommendations** Update to version 7.0.0 or later.