A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL path.

Affected Packages

npm mcstatic

Affected versions: 0 (last affected: 0.0.20)

Related CVEs

CVE-2018-16482

Key Information

GHSA ID

GHSA-cxmj-qjv6-vx9p

Published

February 7, 2019 6:15 PM

Last Modified

September 12, 2023 8:46 PM

CVSS Score

7.5 /10

Primary Ecosystem

npm

Primary Package

mcstatic

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.