Описание
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.1 (включая)
cpe:2.3:a:serve-static_project:serve-static:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 53%
0.003
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
около 11 лет назад
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
debian
около 11 лет назад
Open redirect vulnerability in the serve-static plugin before 1.7.2 fo ...
EPSS
Процентиль: 53%
0.003
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other