Information Exposure The advisory has been revoked - it doesn't affect any version of package serve-static Open this link in a new tab
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID npm:serve-static:20150120
- published 20 Jan 2015
- disclosed 20 Jan 2015
- credit Unknown
Overview
serve-static is a Node.js module available through the npm registry.
Affected versions of this package are vulnerable to Information Exposure. The roots path would be exposed via the express.static
, res.sendfile
, and res.sendFile
methods.
Amendment
This was deemed not a vulnerability.
Recommendations
Upgrade serve-static
to version 1.8.1 or higher.