PT-2023-20498 · Unknown · Node-Static

Liran Tal

·

Published

2023-03-06

·

Updated

2023-03-10

·

CVE-2023-26111

CVSS v3.1

7.5

High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: @nubosoftware/node-static, all versions; node-static, all versions
Description: servePath relies on a startsWith() string-prefix comparison to confirm that a resolved request path lies inside the configured root directory. That comparison does not properly sanitize or bound the path, so the check can be bypassed, resulting in Directory Traversal: an attacker can read files outside the intended directory.
Recommendations: For @nubosoftware/node-static, consider disabling the servePath function until a patch is available. For node-static, restrict access to the servePath function to minimize exposure. As a temporary workaround, do not rely on the startsWith() comparison in servePath to decide whether a path is inside the root until the issue is resolved. At the time of writing, no version containing a fix for this vulnerability is known.

Exploit

Path traversal


Weakness Enumeration

Related identifiers

CVE-2023-26111
GHSA-5G97-WHC9-8G7J

Affected products

Node-Static