Search for vulnerabilities
| Vulnerability ID | VCID-jush-3rg9-1kbs |
| Aliases |
GMS-2018-1
|
| Summary | Directory Traversal serve-here is vulnerable to a directory traversal attack. This means that files on the local file system which exist outside of the web root may be disclosed to an attacker. This might include confidential files. Mitigating Factors: if the node process is run as a user with very limited filesystem permissions, there is significantly less risk of exposing confidential/private information. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2 | ||
| https://hackerone.com/reports/296254 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-12T15:40:17.133323+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/serve-here/GMS-2018-1.yml | 38.6.0 |