Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Serve\-Lite
(Serve\-Lite_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-26 | CVE-2022-21192 | All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). | Serve\-Lite | 7.5 | ||
| 2023-01-26 | CVE-2022-25847 | All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding. | Serve\-Lite | 6.1 |