CVE-2022-25848 HIGH

CVE-2022-25848: Directory Traversal

Vendor N/A
Product static-dev-server
Published November 29, 2022
Last update April 24, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

All versions of the package static-dev-server are affected. When user-supplied paths are joined to the root directory, the asset served for the requested path is resolved relative to the root directory.

Key dates

02 Disclosure timeline

November 29, 2022 CVE published
April 24, 2025 Record updated