GHSA-5rc4-8qqh-vq7f
GitHub Security Advisory
vercel/serve allows access to restricted files if filename is URL encoded.
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
Affected Packages
npm
serve
Affected versions:
0
(fixed in 6.5.2)
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: July 4, 2025 6:27 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.