Homepage

serverless-offline@3.7.0 vulnerabilities

Emulate AWS λ and API Gateway locally when developing your Serverless project

  • latest version

    14.4.0

  • latest non vulnerable version

    14.4.0

  • first published

    9 years ago

  • latest version published

    11 months ago

  • licenses detected

  • View serverless-offline package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the serverless-offline package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Access Restriction Bypass

    serverless-offline is an Emulate AWS λ and API Gateway locally when developing your Serverless project.

    Affected versions of this package are vulnerable to Access Restriction Bypass. It returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

    How to fix Access Restriction Bypass?

    Upgrade serverless-offline to version 8.6.0 or higher.

    <8.6.0
    Go back to all versions of this package