Serve-Static Project Serve-Static vulnerabilities
2 known vulnerabilities affecting serve-static_project/serve-static.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 1
Vulnerabilities
CVE-2024-43800 | LOW | affected: ≥ 0, < 1.16.0 and ≥ 2.0.0, < 2.1.0 | 2024-09-10
CVE-2024-43800 [LOW] CWE-79 serve-static vulnerable to template injection that can lead to XSS
### Impact
Passing untrusted user input - even after sanitizing it - to `redirect()` may execute untrusted code.
### Patches
This issue is patched in serve-static 1.16.0.
### Workarounds
Users are encouraged to upgrade to the patched version of express, but otherwise can work around this issue by making sure any untrusted inputs are
Sources: GHSA, OSV
CVE-2015-1164 | MEDIUM | CVSS 4.3 | affected: ≤ 1.7.1 | 2015-01-21
CVE-2015-1164 [MEDIUM] Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
Sources: GHSA, NVD, OSV