Directory Traversal in serve · CVE-2019-5417 · GitHub Advisory Database · GitHub

Directory Traversal in serve

High severity GitHub Reviewed Published Mar 25, 2019 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

serve (npm)

Affected versions

< 7.1.3

Patched versions

7.1.3

Description

Versions of serve before 7.1.3 are vulnerable to Directory Traversal. File paths are not sanitized leading to unauthorized access of system files.

Recommendation

Upgrade to version 7.1.3 or later

References

Published to the GitHub Advisory Database Mar 25, 2019

Reviewed Jun 16, 2020

Last updated Jan 9, 2023

Severity

High

7.5

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N