Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NZeit Serve
APPZeit6.5.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2019-5415HIGH7.5ten sam produkt
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or...
CVE-2019-5417HIGH7.5ten sam produkt
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbi...
CVE-2018-3712MEDIUM6.5ten sam produkt
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f...
CVE-2018-3718MEDIUM5.3ten sam produkt
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a fi...
CVE-2018-6184HIGH7.5ten sam vendor
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.