serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
[
{
"product": "serve node module",
"vendor": "HackerOne",
"versions": [
{
"status": "affected",
"version": "Versions before 6.4.9"
}
]
}
]