Lookup for vulnerable packages by Package URL.

Purl pkg:npm/serve-here@3.2.0
Type npm
Namespace
Name serve-here
Version 3.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-4ssu-jq4h-ruct
vulnerability_id VCID-4ssu-jq4h-ruct
summary Relative Path Traversal in serve-here.
references
0
reference_url https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
reference_id
reference_type
scores
url https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
1
reference_url https://github.com/vivaxy/here/pull/17
reference_id
reference_type
scores
url https://github.com/vivaxy/here/pull/17
2
reference_url https://hackerone.com/reports/296254
reference_id
reference_type
scores
url https://hackerone.com/reports/296254
3
reference_url https://hackerone.com/reports/569966
reference_id
reference_type
scores
url https://hackerone.com/reports/569966
4
reference_url https://nodesecurity.io/advisories/554
reference_id
reference_type
scores
url https://nodesecurity.io/advisories/554
5
reference_url https://www.npmjs.com/advisories/554
reference_id
reference_type
scores
url https://www.npmjs.com/advisories/554
6
reference_url https://github.com/advisories/GHSA-g8m7-qhv7-9h5x
reference_id GHSA-g8m7-qhv7-9h5x
reference_type
scores
url https://github.com/advisories/GHSA-g8m7-qhv7-9h5x
fixed_packages
aliases GHSA-g8m7-qhv7-9h5x, GMS-2019-140
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ssu-jq4h-ruct
1
url VCID-mh2m-vfgy-sqhr
vulnerability_id VCID-mh2m-vfgy-sqhr
summary
Directory Traversal
serve-here is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files. Mitigating Factors: if the node process is run as a user with very limited filesystem permissions, there is significantly less risk of exposing confidential/private information.
references
0
reference_url https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
reference_id
reference_type
scores
url https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
1
reference_url https://hackerone.com/reports/296254
reference_id
reference_type
scores
url https://hackerone.com/reports/296254
fixed_packages
aliases GMS-2018-1
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2m-vfgy-sqhr
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/serve-here@3.2.0