serve-lite
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting serve-litepage 1 of 1
- CVE-2022-21192HIGHCVSS 7.5EG 7.52023-01-26
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join().
- CVE-2022-25847MEDIUMCVSS 5.4EG 5.42023-01-26
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without an…
Check whether serve-lite is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for serve-lite CVEs against the assets you own.
Start Free Scan →