CVE-2022-25847

Improper Neutralization in npm/serve-lite

Identifiers

CVE-2022-25847, GHSA-j8x7-qcw4-xx85

Package Slug

npm/serve-lite

Vulnerability

Improper Neutralization

Description

All versions of the package serve-lite is vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

Affected Versions

All versions

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-31

source