Description
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
Remediation
References
https://github.com/zeit/serve/pull/316
https://hackerone.com/reports/307666
Related Vulnerabilities
CVE-2020-1758 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2020-11023 Vulnerability in maven package org.webjars.bower:jquery
CVE-2023-26470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2019-1354 Vulnerability in maven package org.webjars.npm:nodegit
CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release