📦

serve

Vendor: zeit

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 5 Total Indexed

Avg. EPSS 0.41% Exploit Prob.

Latest CVE CVE-2019-5417 Mar 21

Security Vulnerability Index

Page 1 / 1

7.5 CVSS

CVE-2019-5417

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.

EPSS: 0.61%

Severity: HIGH

Mar 21, 2019

7.5 CVSS

CVE-2019-5415

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

EPSS: 0.32%

Severity: HIGH

Mar 21, 2019

5.3 CVSS

CVE-2018-3718

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.

EPSS: 0.24%

Severity: MEDIUM

Jun 07, 2018

6.5 CVSS

CVE-2018-3712

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.

EPSS: 0.68%

Severity: MEDIUM

Jun 07, 2018

5.3 CVSS

CVE-2018-3809

Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.

EPSS: 0.22%

Severity: MEDIUM

Jun 01, 2018

Displaying 5 of 5 Total Entries

Total 1 Sections