Deno · Deno Standard Library · CVE-2024-52793
**Name of the Vulnerable Software and Affected Versions**
Deno Standard Library versions prior to 1.0.11
**Description**
The issue affects the Deno Standard Library, specifically the `http/file-server` module's `serveDir` function when used with the `showDirListing: true` option. This setup is vulnerable to cross-site scripting attacks when an attacker can control file names in the source directory, particularly on systems that use POSIX file names. Although exploitation might be possible on other systems, it is less straightforward due to differences in file name support, such as the lack of support for `<>` in Windows file names.
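The root cause described above is a directory listing that interpolates file names into HTML without escaping them. The following TypeScript is an added illustration, not code from the Deno Standard Library or from the fix in 1.0.11: it places a listing renderer that uses raw names beside one that HTML-escapes the text and URL-encodes the `href`, and adds a small defender-side check that flags names carrying HTML-significant characters in a directory you intend to serve. The file names in `SAMPLE_DIR`, and all function names, are constructed for the example.

```typescript
// Added example (not Deno std library code): escaping attacker-controlled
// file names before they are interpolated into a directory-listing page.
// SAMPLE_DIR is constructed input; the third entry is a POSIX-valid file name
// that a Windows file system would reject because of the '<' and '>'.
const SAMPLE_DIR: string[] = [
  "README.md",
  "notes & drafts.txt",
  '<script>alert("xss")</script>.txt',
];

// Escape the five characters that change meaning in HTML text and attributes.
function escapeHtml(s: string): string {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Weak pattern: the raw name lands in both the attribute and the text node,
// so a name containing markup becomes live markup in the listing.
function renderListingUnsafe(names: string[]): string {
  return names.map((n) => `<li><a href="${n}">${n}</a></li>`).join("\n");
}

// Corrected pattern: percent-encode the name for the href (then HTML-escape
// the result, since encodeURIComponent leaves ' and a few others alone) and
// HTML-escape the name for the visible text.
function renderListingSafe(names: string[]): string {
  return names
    .map(
      (n) =>
        `<li><a href="${escapeHtml(encodeURIComponent(n))}">${escapeHtml(n)}</a></li>`,
    )
    .join("\n");
}

// Defender check: list any file names in a served directory that contain
// HTML-significant characters, which is the precondition for this bug class.
function suspiciousNames(names: string[]): string[] {
  return names.filter((n) => /[<>"'&]/.test(n));
}

// Helpers for a quick comparison of the two renderers on the same input.
function unsafeContainsScriptTag(names: string[]): boolean {
  return /<script>/.test(renderListingUnsafe(names));
}
function safeContainsScriptTag(names: string[]): boolean {
  return /<script>/.test(renderListingSafe(names));
}

console.log("names to review:", suspiciousNames(SAMPLE_DIR));
console.log("unsafe listing has live <script>:", unsafeContainsScriptTag(SAMPLE_DIR));
console.log("safe listing has live <script>:", safeContainsScriptTag(SAMPLE_DIR));
```

Running the block prints the two names that warrant review and shows that only the unescaped renderer emits a live `<script>` element. The same `suspiciousNames` scan, run over a real directory before enabling `showDirListing`, is a cheap way to find out whether the source directory already contains names an unpatched listing would render as markup.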
**Recommendations**
For Deno Standard Library versions prior to 1.0.11, update to version 1.0.11 to resolve the issue. As a temporary workaround, consider setting `showDirListing` to `false` in the `serveDir` function to minimize the risk of exploitation. Restrict access to the `http/file-server` module, especially for users who can control file names in the source directory, until the update is applied.