An open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
Vulnerable Product |
---|
serve-static project serve-static |
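A redirect built from such a path leaves the site because a browser resolves a `Location` value starting with `//` as a protocol-relative URL. The added example below (not serve-static's own code; `app.example`, `other.example` and every function name are constructed for illustration) checks redirect targets for that condition and collapses leading slashes before redirecting. It goes slightly beyond the description by also treating backslashes as slashes, as browsers do for http(s) URLs.

```javascript
'use strict';

const ORIGIN = 'https://app.example'; // constructed origin for the demo

// Resolve a Location header value the way a browser does and report
// whether following it would leave the site's own origin.
function leavesOrigin(location, origin = ORIGIN) {
  return new URL(location, origin).origin !== new URL(origin).origin;
}

// Collapse any run of leading slashes or backslashes to a single "/",
// so the value can only be parsed as a path on the current host.
function collapseLeadingSlashes(path) {
  return path.replace(/^[\/\\]+/, '/');
}

// Build the target of a "this is a directory, add a trailing slash"
// redirect from the request path, with or without the hardening step.
function directoryRedirect(requestPath, harden) {
  const base = harden ? collapseLeadingSlashes(requestPath) : requestPath;
  return base.endsWith('/') ? base : base + '/';
}

// Compare the naive and hardened redirect target for each request path.
function audit(paths) {
  return paths.map((path) => {
    const naive = directoryRedirect(path, false);
    const fixed = directoryRedirect(path, true);
    return {
      path,
      naive,
      naiveLeaves: leavesOrigin(naive),
      fixed,
      fixedLeaves: leavesOrigin(fixed),
    };
  });
}

// Constructed sample request paths, as seen by a handler mounted at the root.
const SAMPLES = [
  '/docs',
  '//other.example/docs',
  '///other.example',
  '/\\other.example/x',
];

console.table(audit(SAMPLES));
```

The same `leavesOrigin` check can be run over `Location` headers in access logs or in an integration test to flag any redirect that resolves off-origin.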