serve is vulnerable to directory traversal. The vulnerability exists because it gives an easy interface to list directory contents and traverse into sub-folder just by submitting a URL with dot-slash before the file name, e.g. http://127.0.0.1:6060/dir/./file.txt
.