CVE-2019-5415

High

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the…

hackerone·CWE-548·Published 2019-03-17

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

172 chars

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

NVDen

172 chars

A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.

Versions of `serve` prior to 7.0.1 are vulnerable to Path Traversal. Explicitly ignored folders can be accessed through if the path contains a `/./`, which allows attackers to access hidden folders and files. ## Recommendation Upgrade to version 7.0.1 or later.

GHSAen

264 chars

NVDes

202 chars

Un error en el manejo de los archivos ignore y en la funcionalidad de directorios en serve 6.5.3 permite que un atacante lea un archivo o liste el directorio al que la víctima no ha permitido el acceso.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N