Lucene search
+L
ZeitServe

5 matches found

CVE
CVE
added 2019/03/17 7:24 p.m.69 views

CVE-2019-5417

The CVE-2019-5417 entry concerns the Node.js module serve (version 7.0.1). The vulnerability is a directory traversal flaw where file paths are not sanitized, enabling an attacker to read arbitrary files on the remote server. The related documents confirm affected software is the serve package an...

7.5CVSS7.4AI score0.0221EPSS
CVE
CVE
added 2018/06/01 7:0 p.m.62 views

CVE-2018-3809

The CVE-2018-3809 entry refers to the Node.js module serve (v6.5.3) exposing information via directory listings and bypassing ignore rules on case-insensitive file systems. Technical details from connected records show that versions before 7.0.0 are affected and allow reading ignored files or lis...

5.3CVSS5.2AI score0.01048EPSS
CVE
CVE
added 2018/06/07 2:0 a.m.61 views

CVE-2018-3712

CVE-2018-3712 affects the Node.js package named “serve” and its static file serving behavior. Versions prior to 6.4.9 fail to properly filter the characters %2e (.) and %2f (/), allowing them in paths and enabling a path-traversal that can list directory contents. The core impact described across...

6.5CVSS6.2AI score0.0179EPSS
CVE
CVE
added 2019/03/17 7:28 p.m.55 views

CVE-2019-5415

CVE-2019-5415 concerns the Node.js module serve (version 6.5.3) where the ignore feature can be bypassed via a dot-slash path, allowing an attacker to read files or list directories that should be ignored. The root cause is improper handling of ignored paths in the file-serving logic, enabling pa...

7.5CVSS7.2AI score0.01689EPSS
CVE
CVE
added 2018/06/07 2:0 a.m.54 views

CVE-2018-3718

CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...

5.3CVSS5.1AI score0.01316EPSS