Affected versions of restify
are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL.
Request
https://localhost:3000/no5_such3_file7.pl?%22%3E%3Cscript%3Ealert(73541);%3C/script%3E
Will be included in response:
<script>alert(73541);</script>
Update to version 4.1.0 or later.