Description
All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.4.1
References
Related Issues
- Directory Traversal in isomorphic-git - CVE-2021-30483
- SillyTavern has a path traversal in `/api/chats/import` allows arbitrary file write outside intended chat directory - CVE-2026-34522
- Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read - CVE-2026-40163
- Directory Traversal in nhouston - CVE-2014-8883
You might also like:
- Tags:
- npm
- startserver
Anything's wrong? Let us know Last updated on February 01, 2023