Description

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.

Remediation

References

https://hackerone.com/reports/358645

Related Vulnerabilities

CVE-2011-4905 Vulnerability in maven package activemq:activemq-core

CVE-2021-22119 Vulnerability in maven package org.springframework.security:spring-security-oauth2-client

CVE-2014-125087 Vulnerability in maven package com.jamesmurty.utils:java-xmlbuilder

CVE-2021-32641 Vulnerability in npm package auth0-lock

CVE-2021-43807 Vulnerability in maven package org.opencastproject:opencast-common

Severity

High

Classification

CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory