2.2.0
11 years ago
6 months ago
Known vulnerabilities in the serve-static package. This does not include vulnerabilities belonging to this package’s dependencies.
Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.
Fix for freeVulnerability | Vulnerable Version |
---|---|
serve-static is a server. Affected versions of this package are vulnerable to Cross-site Scripting due to improper sanitization of user input in the Note To exploit this vulnerability, the following conditions are required:
How to fix Cross-site Scripting? Upgrade | <1.16.0>=2.0.0 <2.1.0 |