Vulnerability Details CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.1%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2022-21192
-
cpe:2.3:a:serve-lite_project:serve-lite:-
-
cpe:2.3:a:serve-lite_project:serve-lite:0.0.0
-
cpe:2.3:a:serve-lite_project:serve-lite:1.0.0
-
cpe:2.3:a:serve-lite_project:serve-lite:1.1.0