GHSA-h97f-5258-5593
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h97f-5258-5593
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-h97f-5258-5593/GHSA-h97f-5258-5593.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h97f-5258-5593
- Aliases
- Published
- 2021-09-01T18:32:22Z
- Modified
- 2023-11-08T04:06:27.510404Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Incorrect Authorization in serverless-offline
- Details
-
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing
/character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions). - Database specific
{ "github_reviewed": true, "github_reviewed_at": "2021-08-30T20:31:00Z", "nvd_published_at": "2021-08-10T18:15:00Z", "cwe_ids": [ "CWE-863" ], "severity": "CRITICAL" }- References
Affected packages
npm / serverless-offline
Package
- Name
- serverless-offline
- View open source insights on deps.dev
- Purl
- pkg:npm/serverless-offline