cloudhead/node-static

cloudhead/node-static

Releases19

Frequency5 months 3 weeks

Last Release about 5 years ago

Stars2.16K

rfc 2616 compliant HTTP static-file server module, with built-in caching.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-11149 ↗	Sep 30, 2025Tuesday, 30 September 2025, 11:37	7.5 HIGH	—
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
CVE-2023-26111 ↗	Mar 6, 2023Monday, 6 March 2023, 05:15	7.5 HIGH	—
All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.