npm

Severity: moderate

Hidden Directories Always Served

inert

Overview

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false.

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Remediation

Update to version >= 1.1.1.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. reported

    Initial report by Gil Pedersen
    Oct 17th, 2015
  2. published

    Advisory published
    Dec 16th, 2014