CVE-2018-3809

MEDIUM5.3EPSS 0.22%

Information Exposure on Case Insensitive File Systems in serve

Published: 7/18/2018Modified: 11/8/2023

Description

Versions of `serve` before 7.0.0 are vulnerable to information exposure, bypassing the ignore security control, but only on case insensitive file systems. ## Recommendation Update to version 7.0.0 or later.

Affected packages (1)

npm/servefrom 0, < 7.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (4)

ADVISORYhttps://github.com/advisories/GHSA-686g-3xr3-x4x6
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-3809
WEBhttps://hackerone.com/reports/330650
WEBhttps://www.npmjs.com/advisories/672