serve-static vulnerable to template injection that can lead to XSS
passing untrusted user input - even after sanitizing it - to redirect() may execute untrusted code
passing untrusted user input - even after sanitizing it - to redirect() may execute untrusted code
When using serve-static middleware and it's configured to mount at the root it creates an open redirect on the site. For example: If a user visits http://example.com//www.google.com/%2e%2e they will be redirected to www.google.com