Description
The serve Node.js module before 6.4.9 is vulnerable to path traversal: it does not handle the percent-encoded sequences %2e (.) and %2f (/) and allows them in request paths, which lets a malicious user view the contents of any directory whose path is known.
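A containment check of the kind this flaw calls for, as an added example (not code from serve or from the linked pull request): the request path is percent-decoded once before it is resolved and compared against the served root. The function names, the root `/srv/public` and the sample request paths are constructed for illustration.

```javascript
'use strict';
// POSIX path semantics are used so the result is the same on every platform.
const posixPath = require('node:path').posix;

// Constructed illustration of the flaw class: the ".." check runs on the raw
// string, and decoding happens afterwards, so %2e%2e is never seen as "..".
function naiveResolve(root, rawPath) {
  if (rawPath.includes('..')) return null;
  return posixPath.join(root, decodeURIComponent(rawPath));
}

// Hypothetical hardened helper: returns the file path under `root` that the
// request maps to, or null when the request must be refused.
function resolveInsideRoot(root, rawPath) {
  const base = posixPath.resolve(root);
  let decoded;
  try {
    // Decode exactly once, before any check, so %2e and %2f are already
    // "." and "/" when the path is resolved.
    decoded = decodeURIComponent(rawPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL byte never belongs in a path
  // Conservative choice: treat a decoded backslash (%5c) as a separator too.
  const unified = decoded.replace(/\\/g, '/');
  // The "./" prefix forces the request to be resolved relative to the root
  // even when it starts with "/".
  const candidate = posixPath.resolve(base, './' + unified);
  const rel = posixPath.relative(base, candidate);
  // Anything that needs ".." to be reached from the root lies outside it.
  if (rel === '..' || rel.startsWith('../') || posixPath.isAbsolute(rel)) {
    return null;
  }
  return candidate;
}

// Constructed sample requests, run through both functions.
function checkSamples(root) {
  const samples = ['/index.html', '/docs/%2e%2e/index.html',
    '/%2e%2e/%2e%2e/etc/passwd', '/..%2f..%2fetc%2fpasswd'];
  return samples.map((raw) => ({
    raw,
    naive: naiveResolve(root, raw),
    hardened: resolveInsideRoot(root, raw),
  }));
}

console.log(checkSamples('/srv/public'));
```

The final comparison is made on the resolved path rather than on the request string, so the result does not depend on how the dots and slashes were spelled in the request.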
Remediation
References
https://github.com/zeit/serve/pull/316
https://hackerone.com/reports/307666
Related Vulnerabilities
CVE-2012-3544 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2018-20677 Vulnerability in maven package org.webjars:bootstrap
CVE-2019-10389 Vulnerability in maven package org.jenkins-ci.plugins:relution-publisher
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.12
CVE-2023-24428 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth