npm package
serve
pkg:npm/serve
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5415 | — | | | < 7.0.0 | 7.0.0 | Mar 17, 2019 | A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to. |
| CVE-2019-5417 | — | | | < 7.1.3 | 7.1.3 | Mar 17, 2019 | A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server. |
| CVE-2018-3718 | — | | | < 6.5.2 | 6.5.2 | Jun 7, 2018 | serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. |
| CVE-2018-3712 | — | | | < 6.4.9 | 6.4.9 | Jun 7, 2018 | serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. |
| CVE-2018-3809 | — | | | < 7.0.0 | 7.0.0 | Jun 1, 2018 | Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored. |