Platform
nodejs
Component
serve
Fixed in
7.1.4
7.1.3
CVE-2019-5417 is a directory traversal vulnerability in the serve npm package, a static file server and directory lister. Because file paths taken from requests were not sufficiently sanitized, an attacker could request files outside the directory being served. serve versions prior to 7.1.3 are affected; upgrade to 7.1.3 or later to remediate.
An attacker exploiting CVE-2019-5417 can send a crafted request path and read arbitrary files on the host, limited to what the user running the serve process can read. That can include configuration files, source code, and secrets such as API keys or database credentials. The vulnerability itself only discloses file contents; complete compromise becomes possible when the disclosed secrets can be reused against the same host or against other systems the server has access to. The blast radius is therefore bounded by the permissions of the serve process and by what the leaked credentials unlock.
CVE-2019-5417 was published on March 25, 2019. No active campaigns targeting it are known. Public proof-of-concept exploits are available, so the barrier to entry for attackers is low. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog; its EPSS score is 0.61% (70th percentile), a low absolute probability of exploitation in the wild, though higher than that of most CVEs.
Exploit status
EPSS
0.61% (70th percentile)
CVSS vector
The primary mitigation for CVE-2019-5417 is to upgrade the serve package to version 7.1.3 or later. If upgrading is not immediately feasible, run serve as an unprivileged user whose readable files are limited to the ones meant to be served, and keep secrets out of the served tree and its parent directories, so that a traversal cannot reach anything sensitive. A WAF rule that blocks traversal sequences (including percent-encoded forms) may reduce exposure but is not a substitute for patching, because encoding variants are easy to miss. After upgrading, verify the fix by requesting paths that point outside the serving directory, both plain (/../../etc/passwd) and percent-encoded (/..%2f..%2fetc%2fpasswd); the server must answer with an error response (such as 404) and never with the file's contents.
Update the serve package to version 7.1.3 or later. This fixes the path traversal vulnerability that allows arbitrary files on the remote server to be read. Run 'npm install serve@latest' to get the most recent version, or 'npm install serve@7.1.3' to pin the first fixed release.
Directory traversal is an attack in which the attacker manipulates file path input, typically with ../ sequences that may be percent-encoded, to read files and directories on a web server that should not be reachable through it.
You can check which version of serve is installed by running serve --version in your terminal, or npm ls serve inside the project that depends on it.
If you cannot upgrade immediately, implement strict access controls on the file system (run serve as a low-privilege user with a minimal, secret-free serving directory) and review the serve configuration.
All versions prior to 7.1.3 are vulnerable.
More information is available in the CVE-2019-5417 entry in the Common Vulnerabilities and Exposures (CVE) vulnerability database.