VYPR
Low severityNVD Advisory· Published Jan 21, 2015· Updated Jun 17, 2026

CVE-2015-1164

CVE-2015-1164

Description

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
serve-staticnpm
< 1.7.21.7.2
serve-staticnpm
>= 1.7.0, < 1.7.21.7.2

Affected products

2

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.