CVE-2019-5415
21.03.2019, 16:01
A bug in handling the ignore files and directories feature in serve 6.5.3 allows an attacker to read a file or list the directory that the victim has not allowed access to.Enginsight
| Vendor | Product | Version |
|---|---|---|
| zeit | serve | 6.5.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-548 - Exposure of Information Through Directory ListingA directory listing is inappropriately exposed, yielding potentially sensitive information to attackers.
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.