Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-V588-QCP3-JV46
HistoryMar 25, 2019 - 6:03 p.m.

Path Traversal in serve

2019-03-2518:03:58
Google
osv.dev
8

EPSS

0.006

Percentile

78.3%

JSON

Versions of serve prior to 7.0.1 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through if the path contains a /./, which allows attackers to access hidden folders and files.

Recommendation

Upgrade to version 7.0.1 or later.

Related

github 1
prion 1
hackerone 1
veracode 1
nodejs 1
cve 1
osv 1
cvelist 1
nvd 1
github
github
Path Traversal in serve
2019-03-25 18:03:58
prion
prion
Design/Logic Flaw
2019-03-21 16:01:00
hackerone
hackerone
Node.js third-party modules: [serve] Directory listing and File access even when they have been set to be ignored (using dot-slash)
2018-03-28 10:35:21
veracode
veracode
Directory Traversal
2019-03-22 13:09:22
nodejs
nodejs
Path Traversal
2019-06-19 20:10:24
cve
cve
CVE-2019-5415
2019-03-21 16:01:05
osv
osv
CVE-2019-5415
2019-03-21 16:01:05
cvelist
cvelist
CVE-2019-5415
2019-03-17 19:28:37
nvd
nvd
CVE-2019-5415
2019-03-21 16:01:05

EPSS

0.006

Percentile

78.3%

JSON
Related for OSV:GHSA-V588-QCP3-JV46
github1prion1hackerone1veracode1nodejs1cve1osv1cvelist1nvd1