serverless-offline@3.5.3 vulnerabilities

Emulate AWS λ and API Gateway locally when developing your Serverless project

  • latest version

    14.4.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    2 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the serverless-offline package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Access Restriction Bypass

    serverless-offline is a package that emulates AWS λ and API Gateway locally when developing your Serverless project.

    Affected versions of this package are vulnerable to Access Restriction Bypass. The emulator returns a 403 HTTP status code for a route that has a trailing / character, whereas the actual behavior within the Amazon AWS environment is a 200 HTTP status code. A developer who relies on the local result might implement incorrect access control, leaving the deployed route with possibly greater than expected permissions.

    How to fix Access Restriction Bypass?

    Upgrade serverless-offline to version 8.6.0 or higher.

    Vulnerable versions: <8.6.0