Описание
Path Traversal in serve
Versions of serve prior to 7.0.1 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through if the path contains a /./, which allows attackers to access hidden folders and files.
Recommendation
Upgrade to version 7.0.1 or later.
Пакеты
Наименование
serve
npm
Затронутые версииВерсия исправления
< 7.0.0
7.0.0
Связанные уязвимости
CVSS3: 7.5
nvd
почти 7 лет назад
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.