st

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting stpage 1 of 1

CVE-2014-3744HIGHCVSS 7.5EG 7.5✓ Fixed in 0.2.5
2017-10-23
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
CVE-2017-16224MEDIUMCVSS 6.1EG 6.1✓ Fixed in 1.2.2
2018-06-07
st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to…

Check whether st is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for st CVEs against the assets you own.

Start Free Scan →