EPSS
Percentile
48.3%
Versions of serve-here.js prior to 1.2.0 are vulnerable to path traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
github.com/ChristoPy/serve-here.js
hackerone.com/reports/569966
nvd.nist.gov/vuln/detail/CVE-2019-5444
www.npmjs.com/advisories/1019