I would like to report path traversal vulnerability in serve module It allows an attacker to read system files via path traversal vulnerability
module name: serve
Assuming you would like to serve a static site, single page application or just a static file (no matter if on your device or on the local network), this package is just the right choice for you.
It behaves exactly like static deployments on Now, so it's perfect for developing your static project. Then, when it's time to push it into production, you deploy it.
Furthermore, it provides a neat interface for listing the directory's contents:
with a symlink file on the working dir ,it was possible to fetch files outside of the web root dir
1.make a directory $mkdir test
2.got test dir $cd test
3.create a symlink file $ln -s ../../ symdir
4.now install serve module: $yarn global add serve
5.run serve module $serve
> If you're able to provide a patch with the fix please post it in this section
> State all technical information about the stack where the vulnerability was found
> Select Y or N for the following statements:
> Hunter's comments and funny memes goes here
This could have enabled an attacker to view system files and leverage attacks like remote code execution and so on