Back to search
CVE-2015-1164
Published: Jan 21, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
nodejs-servestatic-open-redirect(99936)
vdb-entry
x_refsource_XF
https://github.com/expressjs/serve-static/issues/26
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1181917
x_refsource_CONFIRM
72064
vdb-entry
x_refsource_BID
http://nodesecurity.io/advisories/serve-static-open-redirect
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now