All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2022-12-21T23:14:33.786205Z

Updated: 2024-09-17T02:57:12.909Z

Reserved: 2022-02-24T00:00:00

Link: CVE-2022-25895

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-21T05:15:11.313

Modified: 2024-11-21T06:53:10.807

Link: CVE-2022-25895

cve-icon Redhat

No data.