CVE-2019-5444

Name of the Vulnerable Software and Affected Versions serve-here.js versions prior to 1.2.0

Description The issue allows attackers to list any file in an arbitrary folder due to a path traversal vulnerability. This is caused by the package's failure to sanitize URLs, enabling attackers to access server files outside of the served folder using relative paths.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and folders on the server to minimize the risk of exploitation.