statics-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package statics-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2019-15596 — CVSS 7.5 (high): A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within…
CVE-2018-3771 — CVSS 6.1 (medium): An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the…