CVE-2018-3809

MEDIUM

serve < 7.0.0 - Unauthenticated Exposure of Sensitive Information via Directory Listing

Title source: llm
STIX 2.1

Description

Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/330650

Scores

CVSS v3 5.3
EPSS 0.0105
EPSS Percentile 60.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
npm/serve 0 - 7.0.0npm
zeit/serve 6.5.3
Published Jun 01, 2018
Tracked Since Feb 18, 2026