A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-03-21
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.
CVSS Score
7.5
EPSS Score
0.006
Published
2019-03-21
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-07
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-06-07
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-01