CVE-2021-38384

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-38384

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38384.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-38384

Aliases

GHSA-h97f-5258-5593

Published

2021-08-10T18:15:07.513Z

Modified

2026-05-18T20:50:04.934484Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character, which might cause a developer to implement incorrect access control, because the actual behavior within the Amazon AWS environment is a 200 HTTP status code (i.e., possibly greater than expected permissions).

References

https://github.com/dherault/serverless-offline/issues/1259

Affected packages

Git / github.com/dherault/serverless-offline

Affected ranges

Type

GIT

Repo

https://github.com/dherault/serverless-offline

Events

Introduced

Last affected

6eb15d78379b37ce1793c1a53c12fa31e435a042

Database specific

{
    "cpe": "cpe:2.3:a:serverless_offline_project:serverless_offline:8.0.0:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0.0"
        }
    ]
}

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.2.0

0.2.1

0.2.3

0.2.4

3.*

3.24.1

Other

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.8

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v2.*

v2.0.0

v2.0.1

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.2.10

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3

v2.3.1

v2.3.2

v2.4.0

v2.5.0

v2.5.1

v2.5.3

v2.6.2

v2.7.1

v2.8.0

v3.*

v3.10.0

v3.10.1

v3.10.2

v3.10.3

v3.11.0

v3.12.0

v3.13.0

v3.13.1

v3.13.2

v3.13.3

v3.13.4

v3.13.5

v3.14.0

v3.14.1

v3.14.2

v3.15.0

v3.15.1

v3.15.2

v3.15.3

v3.16.0

v3.17.0

v3.18.0

v3.2.0

v3.2.1

v3.20.0

v3.20.1

v3.20.2

v3.20.3

v3.22.0

v3.23.0

v3.24.3

v3.24.4

v3.24.5

v3.25.0

v3.25.11

v3.25.17

v3.25.3

v3.25.4

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.32.1

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.7

v3.6.0

v3.7.0

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.9.0

v3.9.1

v4.*

v4.0.0

v4.1.4

v4.2.0

v4.2.1

v4.7.0

v4.8.0

v4.8.1

v4.9.1

v5.*

v5.0.0

v5.1.1

v5.2.0

v5.2.1

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.4.0

v5.4.3

v5.4.4

v5.5.0

v5.5.1

v5.7.0

v5.7.1

v5.7.2

v5.7.3

v5.8.0

v6.*

v6.0.0

v6.0.0-alpha.0

v6.0.0-alpha.1

v6.0.0-alpha.10

v6.0.0-alpha.11

v6.0.0-alpha.12

v6.0.0-alpha.13

v6.0.0-alpha.14

v6.0.0-alpha.15

v6.0.0-alpha.16

v6.0.0-alpha.17

v6.0.0-alpha.18

v6.0.0-alpha.19

v6.0.0-alpha.2

v6.0.0-alpha.20

v6.0.0-alpha.21

v6.0.0-alpha.22

v6.0.0-alpha.23

v6.0.0-alpha.24

v6.0.0-alpha.25

v6.0.0-alpha.26

v6.0.0-alpha.27

v6.0.0-alpha.28

v6.0.0-alpha.29

v6.0.0-alpha.3

v6.0.0-alpha.30

v6.0.0-alpha.31

v6.0.0-alpha.32

v6.0.0-alpha.33

v6.0.0-alpha.34

v6.0.0-alpha.35

v6.0.0-alpha.36

v6.0.0-alpha.37

v6.0.0-alpha.38

v6.0.0-alpha.39

v6.0.0-alpha.4

v6.0.0-alpha.40

v6.0.0-alpha.41

v6.0.0-alpha.42

v6.0.0-alpha.43

v6.0.0-alpha.44

v6.0.0-alpha.45

v6.0.0-alpha.46

v6.0.0-alpha.47

v6.0.0-alpha.48

v6.0.0-alpha.49

v6.0.0-alpha.5

v6.0.0-alpha.50

v6.0.0-alpha.51

v6.0.0-alpha.54

v6.0.0-alpha.55

v6.0.0-alpha.56

v6.0.0-alpha.57

v6.0.0-alpha.58

v6.0.0-alpha.59

v6.0.0-alpha.6

v6.0.0-alpha.60

v6.0.0-alpha.61

v6.0.0-alpha.62

v6.0.0-alpha.7

v6.0.0-alpha.8

v6.0.0-alpha.9

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.1.4

v6.1.7

v6.2.0

v6.3.0

v6.3.1

v6.3.2

v6.5.0

v6.6.0

v6.7.0

v6.8.0

v6.9.0

v7.*

v7.0.0

v7.1.0

v8.*

v8.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38384.json"