DEBIAN-CVE-2015-1164

DEBIAN-CVE-2015-1164 PUBLISHED

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.

Affected Products

Vendor	Product	Versions
Debian:14	node-serve-static	0, 0, 0
Debian:13	node-serve-static	0, 0, 0
Debian:11	node-serve-static	0, 0, 0
Debian:12	node-serve-static	0, 0, 0

Timeline

Jan 21, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-1164 advisory

Open in Interactive Console →