serverless-offline@2.5.0 vulnerabilities

Emulate AWS λ and API Gateway locally when developing your Serverless project

Direct Vulnerabilities

Known vulnerabilities in the serverless-offline package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Access Restriction Bypass
Severity: Medium

serverless-offline is a plugin that emulates AWS λ and API Gateway locally when developing your Serverless project.

Affected versions of this package are vulnerable to Access Restriction Bypass. When a request path carries a trailing / character, the emulator returns a 403 HTTP status code, whereas the real Amazon AWS environment returns 200 for the same route. A developer who tests access control against the emulator can therefore conclude that such a path is denied when, once deployed, it is served, so the effective permissions may be greater than expected.
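The mismatch described above, modelled in Node.js as an added example. This is not serverless-offline's or Snyk's code: the route table, the request paths, and the decision to model the emulator's 403 as a route-lookup miss are assumptions made for the example, and normalizePath, emulatorStatus, gatewayStatus, findTrailingSlashMismatches and authorize are names introduced here. The last function shows an authorization check that makes its decision on the normalized path, so the verdict is the same whichever environment serves the request.

```javascript
// Added example (not serverless-offline's own code): models the trailing-slash
// behaviour the advisory describes and shows a check that surfaces it.
// The route table, paths and status codes below are constructed for this example.

// Strip a single trailing "/" from non-root paths. Assumption: this is the
// normalization the advisory attributes to API Gateway ("/a/" reaches "/a").
function normalizePath(path) {
  return path.length > 1 && path.endsWith('/') ? path.slice(0, -1) : path;
}

// Constructed route table standing in for the http events in serverless.yml.
const ROUTES = new Set(['/public', '/admin/users']);

// Emulator-style lookup as described for serverless-offline < 8.6.0: the raw
// path is compared against the route table, so "/admin/users/" misses and the
// emulator answers 403. Assumption: the 403 is modelled as a route miss.
function emulatorStatus(path) {
  return ROUTES.has(path) ? 200 : 403;
}

// Gateway-style lookup per the advisory: the path is normalized first, so
// "/admin/users/" resolves to "/admin/users" and returns 200.
function gatewayStatus(path) {
  return ROUTES.has(normalizePath(path)) ? 200 : 403;
}

// Probe every route with and without a trailing slash and report the paths
// where the emulator is stricter than the gateway. Each such path is a place
// where a local 403 must not be read as "access denied in production".
function findTrailingSlashMismatches(routes) {
  const mismatches = [];
  for (const route of routes) {
    for (const candidate of [route, route + '/']) {
      const local = emulatorStatus(candidate);
      const cloud = gatewayStatus(candidate);
      if (local !== cloud) {
        mismatches.push({ path: candidate, local, cloud });
      }
    }
  }
  return mismatches;
}

// Handler-side authorization that does not depend on the trailing slash:
// the decision is made on the normalized path, so both spellings of the admin
// route are denied to non-admins regardless of which environment runs them.
// Status codes are this example's convention: 403 denied, 404 unknown route.
function authorize(path, isAdmin) {
  const target = normalizePath(path);
  if (target.startsWith('/admin') && !isAdmin) return 403;
  return ROUTES.has(target) ? 200 : 404;
}

console.log(findTrailingSlashMismatches([...ROUTES]));
```

The practical check is the mismatch list: any path that the emulator rejects but the gateway serves must be exercised against a deployed stage before a local 403 is taken as evidence that access control works.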

How to fix Access Restriction Bypass?

Upgrade serverless-offline to version 8.6.0 or higher.

Vulnerable Version: <8.6.0