CVE-2019-5444
Path Traversal in serve-here.js
5.3
MEDIUM
CVSS 3.1
EPSS 0.23%
Description
Versions of serve-here.js prior to 1.2.0 are vulnerable to path traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths.
How to fix CVE-2019-5444
To remediate CVE-2019-5444, upgrade the affected package to a fixed version below.
- npm/serve-here.js—upgrade to 1.2.0 or later
Is CVE-2019-5444 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.2.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |