GHSA-48gc-5j93-5cfq

Опубликовано: 11 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Path Traversal in serve

Versions of serve prior to 10.1.2 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through relative paths, which allows attackers to access hidden folders and files.

Recommendation

Upgrade to version 10.1.2 or later.

Ссылки

https://hackerone.com/reports/486933
https://www.npmjs.com/advisories/965

Пакеты

Наименование

serve

npm

Затронутые версииВерсия исправления

< 10.1.2

10.1.2

Дефекты

CWE-22

Дефекты

CWE-22