PT-2019-17651 · Serve · Serve

Published

2019-03-17

Updated

2020-10-19

CVE-2019-5415

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions serve versions prior to 7.0.1

Description A bug in handling the ignore files and directories feature in serve allows an attacker to read a file or list the directory that the victim has not allowed access to. This issue is related to Path Traversal, where explicitly ignored folders can be accessed if the path contains a /./, allowing attackers to access hidden folders and files.

Recommendations For versions prior to 7.0.1, upgrade to version 7.0.1 or later.

Exploit

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-548

Related Identifiers

CVE-2019-5415

GHSA-V588-QCP3-JV46

Affected Products

Serve

PT-2019-17651 · Serve · Serve

CVE-2019-5415

Weakness Enumeration

Related Identifiers

Affected Products

References · 6