Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/dherault/serverless-offline/issues/1259 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-10T17:35:41
Updated: 2024-08-04T01:37:16.558Z
Reserved: 2021-08-10T00:00:00
Link: CVE-2021-38384
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-10T18:15:07.513
Modified: 2024-11-21T06:16:57.640
Link: CVE-2021-38384
Redhat
No data.