vercel/serve allows access to restricted files if filename is URL encoded.
Moderate severity
GitHub Reviewed
Published
Aug 9, 2021
to the GitHub Advisory Database
•
Updated Sep 12, 2023
Description
Published by the National Vulnerability Database
Jun 7, 2018
Reviewed
Aug 9, 2021
Published to the GitHub Advisory Database
Aug 9, 2021
Last updated
Sep 12, 2023
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
References