Skip to content

Hidden Directories Always Served in inert

Moderate severity GitHub Reviewed Published Aug 31, 2020 to the GitHub Advisory Database • Updated Jan 9, 2023

Package

npm inert (npm)

Affected versions

< 1.1.1

Patched versions

1.1.1

Description

Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false.

The inert directory handler always allows files in hidden directories to be served, even when showHidden is false.

Recommendation

Update to version >= 1.1.1.

References

Reviewed Aug 31, 2020
Published to the GitHub Advisory Database Aug 31, 2020
Last updated Jan 9, 2023

Severity

Moderate

EPSS score

0.170%
(54th percentile)

Weaknesses

CVE ID

CVE-2014-10068

GHSA ID

GHSA-g4xp-36c3-f7mr

Source code

No known source code
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.