serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
{ "binaries": [ { "binary_version": "1.6.4-2", "binary_name": "node-serve-static" } ] }
{ "binaries": [ { "binary_version": "1.14.1-3", "binary_name": "node-serve-static" } ] }
{ "binaries": [ { "binary_version": "1.14.2+~1.13.10-1", "binary_name": "node-serve-static" } ] }
{ "binaries": [ { "binary_version": "1.15.0+~1.15.7-1", "binary_name": "node-serve-static" } ] }
{ "binaries": [ { "binary_version": "2.1.0+~1.15.7-2", "binary_name": "node-serve-static" } ] }