CVE-2019-5444

Path traversal vulnerability in version up to v1.1.3 in serve-here.js npm module allows attackers to list any file in arbitrary folder...

Node.js third-party modules: [serve-here] Static Web Server Directory Traversal via Crafted GET Request

Hi, A crafted GET request can be leveraged to traverse the directory structure of a host using the serve-here web server package, and request arbitrary files outside of the specified web root. Module specification Name: serve-here Version: 3.2.0 latest release build Verified conditions Test serve...