[Pkg-javascript-devel] Bug#1117504: node-static: CVE-2025-11149
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 6 20:47:12 BST 2025
Source: node-static
Version: 0.7.11+~0.7.7-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerability was published for node-static.
CVE-2025-11149[0].
Note this CVE is not very clear, and there is node-static in the
nubosoftware space. Now the CVE description references [1]. Can you
clarify on the state of the two projects? Our packaged one seems to
have still the issue?
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-11149
https://www.cve.org/CVERecord?id=CVE-2025-11149
[1] https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-javascript-devel
mailing list