Description
Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).
Recommendation
No fix is available yet. Followings are affected versions:
- <= 8.0.0
References
Related Issues
- Incorrect Authorization in @uppy/companion - CVE-2022-0528
- Incorrect sanitisation function leads to `XSS` in mermaid - CVE-2021-43861
- Cross-site Scripting in quill - CVE-2021-3163
- Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - CVE-2024-30261
You might also like:
- Tags:
- npm
- serverless-offline
Anything's wrong? Let us know Last updated on September 05, 2023


