HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2019-5417

CVSS 7.5v3.0pub. 2019-03-21upd. 2024-11-21

A path traversal vulnerability in serve npm package version 7.0.1 allows the attackers to read content of arbitrary files on the remote server.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Zeit Serve

    APP
    Zeit
    7.0.1 – 7.3.1 (bez)
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
References

Related vulnerabilities

CVE-2019-5415HIGH7.5ten sam produkt

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or...

CVE-2018-3712MEDIUM6.5ten sam produkt

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f...

CVE-2018-3718MEDIUM5.3ten sam produkt

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a fi...

CVE-2018-3809MEDIUM5.3ten sam produkt

Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even w...

CVE-2018-6184HIGH7.5ten sam vendor

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

CVE-2019-5417 β€” Zeit β€” Serve β€” HIGH β€” CVSS 7.5 | CVEbaza.pl