6.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.0%
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
github.com/zeit/serve/pull/316
hackerone.com/reports/307666