NextGuard
UNKNOWNGHSA-48gc-5j93-5cfq

Path Traversal in serve

Platform

nodejs

Component

serve

Fixed in

10.1.2

View on GitHub Advisory

Versions of `serve` prior to 10.1.2 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through relative paths, which allows attackers to access hidden folders and files. ## Recommendation Upgrade to version 10.1.2 or later.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free