5 matches found
CVE-2019-5417
The CVE-2019-5417 entry concerns the Node.js module serve (version 7.0.1). The vulnerability is a directory traversal flaw where file paths are not sanitized, enabling an attacker to read arbitrary files on the remote server. The related documents confirm affected software is the serve package an...
CVE-2018-3712
CVE-2018-3712 affects the Node.js package named “serve” and its static file serving behavior. Versions prior to 6.4.9 fail to properly filter the characters %2e (.) and %2f (/), allowing them in paths and enabling a path-traversal that can list directory contents. The core impact described across...
CVE-2018-3809
The CVE-2018-3809 entry refers to the Node.js module serve (v6.5.3) exposing information via directory listings and bypassing ignore rules on case-insensitive file systems. Technical details from connected records show that versions before 7.0.0 are affected and allow reading ignored files or lis...
CVE-2018-3718
CVE-2018-3718 affects the serve node module and is caused by improper handling of URL encoding, which can permit access to ignored/restricted files when a filename is URL encoded. Connected advisories/documentation (GHSA-5RC4-8QQH-VQ7F; OSV, NVD/CVE record) describe this as a directory traversal-...
CVE-2019-5415
CVE-2019-5415 concerns the Node.js module serve (version 6.5.3) where the ignore feature can be bypassed via a dot-slash path, allowing an attacker to read files or list directories that should be ignored. The root cause is improper handling of ignored paths in the file-serving logic, enabling pa...