CVE-2014-10068 — Hidden Directories Always Served in inert

Description

Versions 1.1.1 and earlier of `inert` are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when `showHidden` is false. ## Recommendation Update to version >= 1.1.1.

How to fix CVE-2014-10068

To remediate CVE-2014-10068, upgrade the affected package to a fixed version below.

npm/inert—upgrade to 1.1.1 or later

Is CVE-2014-10068 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.1.1

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-10068
WEBgithub.com/hapijs/inert/commit/e8f99f94da4cb08e8032eda984761c3f111e3e82
WEBgithub.com/hapijs/inert/pull/15
WEBwww.npmjs.com/advisories/14