Search for vulnerabilities
| Vulnerability ID | VCID-ybzn-ajyd-qffr |
| Aliases |
CVE-2015-1164
|
| Summary | Open Redirect When using serve-static middleware version < 1.7.2 and it's configured to mount at the root it creates an open redirect on the site. For example: If a user visits `http://example.com//www.google.com/%2e%2e` they will be redirected to `//www.google.com/%2e%2e`, which some browsers interpret as `http://www.google.com/%2e%2e`. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3 | 5.3 | https://github.com/expressjs/serve-static/issues/26 |
| cvssv3 | 5.3 | https://github.com/nodejs/security-wg/blob/main/vuln/npm/35.json |
| cvssv3 | 5.3 | https://www.owasp.org/index.php/Open_redirect |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/expressjs/serve-static/issues/26 | ||
| https://www.owasp.org/index.php/Open_redirect | ||
| 35 | https://github.com/nodejs/security-wg/blob/main/vuln/npm/35.json |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T03:45:01.576053+00:00 | Npm Importer | Import | https://github.com/nodejs/security-wg/blob/main/vuln/npm/35.json | 38.6.0 |