{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39303?format=json","vulnerability_id":"VCID-mh2m-vfgy-sqhr","summary":"Directory Traversal\nserve-here is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files. Mitigating Factors: if the node process is run as a user with very limited filesystem permissions, there is significantly less risk of exposing confidential/private information.","aliases":[{"alias":"GMS-2018-1"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54849?format=json","purl":"pkg:npm/serve-here@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ssu-jq4h-ruct"},{"vulnerability":"VCID-mh2m-vfgy-sqhr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/serve-here@3.2.0"}],"references":[{"reference_url":"https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2"},{"reference_url":"https://hackerone.com/reports/296254","reference_id":"","reference_type":"","scores":[],"url":"https://hackerone.com/reports/296254"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2m-vfgy-sqhr"}