Security Advisory

CVE-2025-11149

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-30 05:00:07

Last updated 2025-09-30 19:07:09

Assigner snyk

State PUBLISHED

Description

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.

← Browse all CVEs View on cve.org ↗