CVE-2022-25936: Servst vulnerable to Path Traversal

January 30, 2023 (updated March 27, 2025)

Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable.

References

gist.github.com/lirantal/691d02d607753d54856f9335f9a1692f
github.com/advisories/GHSA-88v8-v46g-6c9w
github.com/andrepolischuk/servst
github.com/andrepolischuk/servst/commit/f7cae5d2d7c64c86bc512e1e50614240396ef114
nvd.nist.gov/vuln/detail/CVE-2022-25936
security.snyk.io/vuln/SNYK-JS-SERVST-3244896

Code Behaviors & Features

Detect and mitigate CVE-2022-25936 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →