Vulnerability Database

319,897

Total vulnerabilities in the database

Denial of Service in node-static

All versions of node-static are vulnerable to a Denial of Service. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.

Published: Sep 22, 2021
Updated: Apr 14, 2023
GHSA: GHSA-8r4g-cg4m-x23c
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-248
CWE-400

Affected Software
References

Software	From	Fixed in
node-static	-	0.7.11.x

https://github.com/cloudhead/node-static/blob/643a528ec7bbd05a59c4030655d94810570afb3f/CHANGES.md#-unreleased
https://github.com/cloudhead/node-static/pull/213
https://www.npmjs.com/advisories/1208
https://www.npmjs.com/package/node-static

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo