14.2.4
13 years ago
1 months ago
Known vulnerabilities in the serve package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
serve is a static file serving and directory listing. Affected versions of this package are vulnerable to Directory Traversal. It was possible to fetch files outside of the web root dir with a symlink file on the working dir. How to fix Directory Traversal? Upgrade | <11.0.0 |
Affected versions of this package are vulnerable to Directory Traversal attacks. An attacker could read local files on the target server. How to fix Directory Traversal? Upgrade | <7.1.3 |
serve is a static file serving and directory listing. Affected versions of this package are vulnerable to Information Exposure. An attacker could bypasses the ignore NOTE: This vulnerability has also been identified as: CVE-2018-3809 How to fix Information Exposure? Upgrade | <7.0.0 |
serve is a static file serving and directory listing. Affected versions of this package are vulnerable to Information Exposure. An attacker could bypasses the ignore NOTE: This vulnerability has also been identified as: CVE-2019-5415 How to fix Information Exposure? Upgrade | <7.0.0 |
serve is a module provides a neat interface for listing the directory's contents and switching into sub folders. Affected versions of this package are vulnerable to Information Exposure through directory listing. It allows directory browsing and to serve static files through the browser. How to fix Information Exposure? Update | <6.5.2 |
It does not properly sanitze dots ( Note: An attacker will not be able to use this vulnerability to read arbitrary files. How to fix Directory Traversal? Upgrade | <6.4.9 |
How to fix Directory Traversal? Upgrade | <5.2.0>=5.2.1 <5.2.2 |