PT-2022-17609 · Unknown · Easy-Static-Server

Author: Liran Tal
Published: 2022-12-20 · Updated: 2022-12-29 · CVE-2022-25931

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: easy-static-server, all versions
Description: The issue arises from missing input sanitization and the lack of sandboxing for the req.url user input that is passed to the server code, leading to directory traversal.
Recommendations: For all versions, consider disabling req.url input processing until a proper fix is implemented that sanitizes the input and prevents directory traversal attacks. Restrict access to sensitive directories and files to minimize the risk of exploitation.

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2022-25931
GHSA-WCWM-C3MR-PXCR

Affected Products

Easy-Static-Server