NextGuard
UNKNOWNGHSA-xw79-hhv6-578c

Cross-Site Scripting in serve

Platform

nodejs

Component

serve

Fixed in

10.0.2

View on GitHub Advisory

Versions of `serve` prior to 10.0.2 are vulnerable to Cross-Site Scripting (XSS). The package does not encode output, allowing attackers to execute arbitrary JavaScript in the victim's browser if user-supplied input is rendered. ## Recommendation Upgrade to version 10.0.2 or later.

How to fix

No official patch available. Check for workarounds or monitor for updates.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free