CVE-2018-3718
MEDIUM5.3EPSS 0.24%vercel/serve allows access to restricted files if filename is URL encoded.
發布日:2021/8/9修改日:2023/11/8
描述
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
受影響套件(1)
- npm/servefrom 0, < 6.5.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |