serverless-offline is vulnerable to privilege escalation. The vulnerability exists in createAuthScheme
function of createAuthScheme.js
due to an insecure access control from a misinterpreted HTTP status code which allows an attacker to download a web content page via malicious URL.