Vulnerability Description
All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| M.Static Project | M.Static | <= 2.2.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/lirantal/dcb32c11ce87f5aafd2282b90b4dc998 (Exploit, Third Party Advisory)
- https://security.snyk.io/vuln/SNYK-JS-MSTATIC-3244915 (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-26126?
CVE-2023-26126 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function.
How severe is CVE-2023-26126?
CVE-2023-26126 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26126?
Check the references section above for vendor advisories and patch information. Affected products include: M.Static Project M.Static.