serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NZeit Serve
APPZeit< 6.4.9
Related vulnerabilities
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or...
A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbi...
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a fi...
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even w...
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.