EPSS
Percentile
48.3%
Versions of serve-here.js prior to 1.2.0 are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
serve-here.js
Upgrade to version 1.2.0 or later.