serve@3.0.2 vulnerabilities

Static file serving and directory listing

  • latest version

    14.2.4

  • latest non-vulnerable version

  • first published

    13 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the serve package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Directory Traversal

    serve is a package for static file serving and directory listing.

    Affected versions of this package are vulnerable to Directory Traversal. A symlink in the working directory made it possible to fetch files outside the web root directory.

    How to fix Directory Traversal?

    Upgrade serve to version 11.0.0 or higher.

    <11.0.0
    • C
    Directory Traversal

    serve is a package for static file serving and directory listing.

    Affected versions of this package are vulnerable to Directory Traversal attacks. An attacker could read local files on the target server.

    How to fix Directory Traversal?

    Upgrade serve to version 7.1.3 or higher.

    <7.1.3
    • H
    Information Exposure

    serve is a package for static file serving and directory listing.

    Affected versions of this package are vulnerable to Information Exposure. An attacker could bypass the ignore files/directories feature and read a file or list a directory that the victim has not allowed access to.

    NOTE: This vulnerability has also been identified as: CVE-2018-3809

    How to fix Information Exposure?

    Upgrade serve to version 7.0.0 or higher.

    <7.0.0
    • H
    Information Exposure

    serve is a package for static file serving and directory listing.

    Affected versions of this package are vulnerable to Information Exposure. An attacker could bypass the ignore files/directories feature and read a file or list a directory that the victim has not allowed access to.

    NOTE: This vulnerability has also been identified as: CVE-2019-5415

    How to fix Information Exposure?

    Upgrade serve to version 7.0.0 or higher.

    <7.0.0
    • H
    Information Exposure

    serve is a module that provides a neat interface for listing a directory's contents and switching into subfolders.

    Affected versions of this package are vulnerable to Information Exposure through directory listing. It allows directory browsing and serving static files through the browser.

    How to fix Information Exposure?

    Update serve to version 6.5.2 or higher.

    <6.5.2
    • M
    Directory Traversal

    serve is a package that serves static files and lets users list and browse directories in the browser.

    It does not properly sanitize dots (%2e) and slashes (%2f), allowing an attacker to leverage these characters to traverse the directory tree and list the content of any directory the user running the process has access to.

    Note: An attacker will not be able to use this vulnerability to read arbitrary files.

    How to fix Directory Traversal?

    Upgrade serve to version 6.4.9 or higher.

    <6.4.9
    • H
    Directory Traversal

    serve is a package for static file serving and directory listing. Affected versions of the package are vulnerable to Directory Traversal related to SNYK-JS-NEXT-10641.

    How to fix Directory Traversal?

    Upgrade serve to version 5.2.2 or higher.

    <5.2.0, >=5.2.1 <5.2.2
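
Two of the entries above describe the same missing check: the one about unsanitized dots (%2e) and slashes (%2f), and the one about a symlink in the working directory. The following is an added example, not code from serve or from this page, of a containment check a Node.js static file server can apply before opening a file. The names `isInside`, `resolveInsideRoot`, `buildDemoTree` and `demo` are hypothetical, and the fixture files are constructed.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// True when `target` is `root` itself or lies beneath it.
function isInside(root, target) {
  const rel = path.relative(root, target);
  return rel === '' || (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Map a raw URL path to a real file under `root`, or return null to refuse it.
function resolveInsideRoot(root, rawUrlPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawUrlPath); // %2e -> ".", %2f -> "/"
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte in path
  const realRoot = fs.realpathSync(root);
  const candidate = path.join(realRoot, decoded); // join() also normalizes ".."
  if (!isInside(realRoot, candidate)) return null; // lexical check after decoding
  try {
    const real = fs.realpathSync(candidate); // follow symlinks
    return isInside(realRoot, real) ? real : null; // filesystem check
  } catch (err) {
    return null; // path does not exist
  }
}

// Constructed fixture: a web root, a file outside it, and a symlink pointing out.
function buildDemoTree() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'serve-demo-'));
  const root = path.join(base, 'webroot');
  fs.mkdirSync(root);
  fs.writeFileSync(path.join(root, 'index.html'), '<h1>ok</h1>');
  fs.writeFileSync(path.join(base, 'secret.txt'), 'outside the web root');
  fs.symlinkSync(path.join(base, 'secret.txt'), path.join(root, 'link.txt'));
  return root;
}

// Returns [request, allowed] pairs for a few constructed request paths.
function demo() {
  const root = buildDemoTree();
  const requests = ['/index.html', '/%2e%2e%2fsecret.txt', '/..%2f', '/link.txt', '/%zz'];
  return requests.map((r) => [r, resolveInsideRoot(root, r) !== null]);
}

console.log(demo());
```

The lexical check alone passes `/link.txt`, which is why containment is tested a second time on the path returned by `realpathSync`.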