CNNVD-202509-4533 Information

CNNVD ID

CNNVD-202509-4533

Related CVE

CVE-2025-11149

• CNNVD Published: 2025-09-30

Description (Chinese)

node-static是Alexis Sellier个人开发者的符合 rfc 2616 标准的 HTTP 静态文件服务器模块，带有内置缓存。 node-static存在安全漏洞，该漏洞源于未捕获包含空字节的用户输入异常，可能导致服务器崩溃。

Description (English)

Node-static is an HTTP static file server module with a built-in cache for Alexis Sellier ’ s personal developer, which meets the rfc 2616 standard. Node-static has a security loophole, which results from the non-capture of user input anomalies with empty bytes, which could lead to server collapse.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-30

Last Modified

2026-02-24

References

https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67 https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183 https://security.snyk.io/vuln/SNYK-JS-NUBOSOFTWARENODESTATIC-3330728