GHSA-WM7Q-RXCH-43MX Byass due to validation before canonicalization in serve

Versions of serve before 6.5.2 are vulnerable to the bypass of the ignore functionality. The bypass is possible because validation happens before canonicalization of paths and filenames. Example: Here we have a server that ignores the file test.txt. const serve = require'serve' const server =...