serverless-offline@3.24.1 vulnerabilities

Emulate AWS λ and API Gateway locally when developing your Serverless project

  • latest version

    14.4.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the serverless-offline package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Access Restriction Bypass

    serverless-offline is an Emulate AWS λ and API Gateway locally when developing your Serverless project.

    Affected versions of this package are vulnerable to Access Restriction Bypass. It returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

    How to fix Access Restriction Bypass?

    Upgrade serverless-offline to version 8.6.0 or higher.

    <8.6.0