serve-lite@1.1.0 vulnerabilities

a lightweight http-server for static file-based web development

Direct Vulnerabilities

Known vulnerabilities in the serve-lite package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Directory Traversal

serve-lite is a lightweight http-server for static file-based web development.

Affected versions of this package are vulnerable to Directory Traversal because req.url is passed as-is to path.join(), with no input sanitization or other checks and protections applied to it.

How to fix Directory Traversal?

Upgrade serve-lite to version 1.1.1 or higher.

Vulnerable versions: <1.1.1
  • M
Cross-site Scripting (XSS)

serve-lite is a lightweight http-server for static file-based web development.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

How to fix Cross-site Scripting (XSS)?

Upgrade serve-lite to version 1.1.2 or higher.

Vulnerable versions: <1.1.2
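
The two bug classes listed above, shown as an added Node.js example that is not serve-lite's code or its actual fix: the req.url-into-path.join() pattern beside a containment check, and output encoding for file names in a directory listing. The function names, the /srv/www root and the sample inputs are assumptions constructed for illustration, and the paths assume a POSIX host.

```javascript
const path = require('path');

// Pattern the advisory describes: req.url goes straight into path.join(),
// which normalizes ".." segments and so can leave the served root.
function resolveUnsafe(root, reqUrl) {
  return path.join(root, reqUrl);
}

// Hardened form: decode once, resolve, then verify containment.
// Returns the absolute path, or null when the request must be rejected.
function resolveSafe(root, reqUrl) {
  const rootAbs = path.resolve(root);
  let pathname;
  try {
    // Drop query string and fragment, then percent-decode (%2e%2e becomes ..).
    pathname = decodeURIComponent(reqUrl.split(/[?#]/)[0]);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (pathname.includes('\0')) return null; // NUL byte in the path
  const target = path.resolve(rootAbs, '.' + path.sep + pathname);
  // Compare with a trailing separator so a sibling such as /srv/www-old
  // is not accepted as being inside /srv/www.
  if (target !== rootAbs && !target.startsWith(rootAbs + path.sep)) return null;
  return target;
}

// Output encoding for file names written into a directory listing.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// URL-encode the name for the href attribute, HTML-encode it for the link text.
function listingLink(name) {
  return `<a href="${encodeURIComponent(name)}">${escapeHtml(name)}</a>`;
}
```

A server using resolveSafe() would answer a null result with a 403 or 404 and never open the file.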