PT-2021-22098 · Unknown · Serverless Offline

Published 2021-08-10 · Updated 2022-07-12 · CVE-2021-38384

CVSS v3.1 9.8 Critical
Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Serverless Offline version 8.0.0
Description: Serverless Offline 8.0.0 returns a 403 HTTP status code for a request to a route with a trailing / character. In the Amazon AWS environment the same request returns a 200 HTTP status code. A developer who tests access control only against the local emulator can therefore conclude that the trailing-slash variant of a route is unreachable when, once deployed, it is served normally; the deployed application may grant more access than expected.
Recommendations: Do not treat the emulator's 403 on a trailing-slash route as an access control; it is an artifact of local route matching, not of the deployed API. For Serverless Offline version 8.0.0, enforce authorization in the function handler or in an API Gateway authorizer (IAM, Cognito or Lambda authorizer) so that the outcome does not depend on how a path is matched, and before relying on any access-control decision, request both the route and its trailing-slash variant against the deployed AWS stage and compare the status codes with those observed locally. Until the local behaviour matches AWS, treat every status code produced by the emulator for a trailing-slash path as unverified and confirm the effective permissions in the AWS environment.
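The discrepancy above, as an added example that is not code from Serverless Offline or from the reporter: a small Node.js router that models an exact-match route table (standing in for the emulator's 403 on a trailing-slash path) beside a trailing-slash-normalizing one (standing in for the 200 the advisory reports from AWS), and a handler that enforces authorization independently of route matching. The route table, the principal object, the handler names and the simplified matching rules are assumptions made for illustration; only the 403-versus-200 difference comes from the advisory.

```javascript
// Added example, not Serverless Offline project code. Route table, principal
// shape, handler names and matching rules are assumptions for illustration;
// only the 403 (local) vs 200 (AWS) discrepancy comes from the advisory.

// Constructed route table: one public route and one privileged route.
const routes = [
  { method: 'GET', path: '/health', requiredRole: null },
  { method: 'GET', path: '/admin', requiredRole: 'admin' },
];

// Strict matcher: "/admin/" is a different path from "/admin", so the
// trailing-slash request matches nothing. Stands in for the emulator behaviour.
function matchStrict(method, path) {
  return routes.find((r) => r.method === method && r.path === path) || null;
}

// Normalizing matcher: a trailing "/" is dropped before lookup, so "/admin/"
// resolves to the "/admin" route. Stands in for the deployed (200) behaviour.
function normalizePath(path) {
  return path.length > 1 && path.endsWith('/') ? path.slice(0, -1) : path;
}
function matchNormalized(method, path) {
  return matchStrict(method, normalizePath(path));
}

// Naive handler: performs no authorization of its own; any matched route is served.
function naiveHandler(route) {
  return { statusCode: 200, body: `served ${route.path}` };
}

// Hardened handler: checks the caller's roles regardless of how the route matched.
// The principal is assumed to have been populated by an authorizer upstream.
function hardenedHandler(route, request) {
  if (route.requiredRole !== null) {
    const roles = request.principal ? request.principal.roles : [];
    if (!roles.includes(route.requiredRole)) {
      return { statusCode: 403, body: 'forbidden' };
    }
  }
  return { statusCode: 200, body: `served ${route.path}` };
}

// Dispatch: unmatched routes get 403, the status the advisory reports locally.
function dispatch(matcher, handler, request) {
  const route = matcher(request.method, request.path);
  if (!route) return { statusCode: 403, body: 'no matching route' };
  return handler(route, request);
}

// Constructed requests: the privileged route with a trailing slash, once from an
// anonymous caller and once from a caller holding the admin role.
const anonymousTrailing = { method: 'GET', path: '/admin/', principal: null };
const adminTrailing = { method: 'GET', path: '/admin/', principal: { roles: ['admin'] } };

// Returns the status codes for the four combinations that matter.
function demo() {
  return {
    // Local view with no authorization: 403, which looks secure but is only a route miss.
    localNaive: dispatch(matchStrict, naiveHandler, anonymousTrailing).statusCode,
    // Deployed view, same code and request: the route now matches, anonymous gets 200.
    deployedNaive: dispatch(matchNormalized, naiveHandler, anonymousTrailing).statusCode,
    // With authorization inside the handler the outcome no longer depends on the matcher.
    deployedHardenedAnon: dispatch(matchNormalized, hardenedHandler, anonymousTrailing).statusCode,
    deployedHardenedAdmin: dispatch(matchNormalized, hardenedHandler, adminTrailing).statusCode,
  };
}

console.log(demo());
```

The point the example makes is the check a reviewer should apply to any Serverless Offline 8.0.0 project: a 403 that appears only under `matchStrict` (the local emulator) and disappears under `matchNormalized` (the deployed API) was never an authorization decision, and only the handler- or authorizer-level check survives the move to AWS.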

Exploit

Fix

Weakness Enumeration

Incorrect Authorization (CWE-863)

Improper Handling of Exceptional Conditions (CWE-755)

Related Identifiers

CVE-2021-38384
GHSA-H97F-5258-5593

Affected Products

Serverless Offline