Debian Node-Serve-Static vulnerabilities
2 known vulnerabilities affecting debian/node-serve-static.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2024-43800 | MEDIUM | CVSS 5.0 | fixed in node-serve-static 2.1.0+~1.15.7-1 (forky) | 2024
serve-static serves static files. In serve-static, passing untrusted user input, even after sanitizing it, to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.1.0+~1.15.7-1)
sid: resolved (fixed in 2.1.0+~1.15.7-1)
trixie: resolved (fixed in 2.1.0+~1.1
CVE-2015-1164 | LOW | CVSS 4.3 | fixed in node-serve-static 1.6.4-2 (bookworm) | 2015
CVE-2015-1164 [MEDIUM] CVE-2015-1164: node-serve-static - Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js,...
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
Scope: local
bookworm: resolved (fixed in 1.6.4-2)
bullseye: resolved (fixed