GHSA-xg75-3277-gvvj

Source

https://github.com/advisories/GHSA-xg75-3277-gvvj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-xg75-3277-gvvj/GHSA-xg75-3277-gvvj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xg75-3277-gvvj

Aliases

CVE-2019-5417

Published

2019-03-25T18:04:01Z

Modified

2023-11-08T04:01:35.621609Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Directory Traversal in serve

Details

Versions of serve before 7.1.3 are vulnerable to Directory Traversal. File paths are not sanitized leading to unauthorized access of system files.

Recommendation

Upgrade to version 7.1.3 or later

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T22:03:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
}

References

Affected packages

npm / serve

Package

Name: serve; View open source insights on deps.dev
Purl: pkg:npm/serve

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.1.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/03/GHSA-xg75-3277-gvvj/GHSA-xg75-3277-gvvj.json"