serve-lite is vulnerable to Directory Traversal. The vulnerability is due to a a lack of input sanitization in the req.url
parameter which is passed as-is to the path.join()
function, allowing a remote attacker to access system files and retrieve confidential information via malicious input.
CPE | Name | Operator | Version |
---|---|---|---|
serve-lite | le | 1.1.0 | |
serve-lite | le | 1.1.0 |