Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
node-static 安全漏洞
Vulnerability Description
node-static是Alexis Sellier个人开发者的符合 rfc 2616 标准的 HTTP 静态文件服务器模块,带有内置缓存。 node-static存在安全漏洞,该漏洞源于未捕获包含空字节的用户输入异常,可能导致服务器崩溃。
CVSS Information
N/A
Vulnerability Type
N/A