serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-06-07
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
CVSS Score
6.5
EPSS Score
0.007
Published
2018-06-07