Description
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).
Remediation
References
https://github.com/dherault/serverless-offline/issues/1259
Related Vulnerabilities
CVE-2021-3804 Vulnerability in npm package taro
CVE-2022-22984 Vulnerability in npm package @snyk/snyk-cocoapods-plugin
CVE-2022-0654 Vulnerability in npm package requestretry
CVE-2011-4969 Vulnerability in maven package org.webjars:jquery
CVE-2023-40349 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook