{"id":"AZL-45312","summary":"CVE-2015-1164 affecting package nodejs-nodemon 2.0.3-5","details":"Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.","modified":"2026-04-21T04:32:43.958976Z","published":"2015-01-21T15:28:37Z","upstream":["CVE-2015-1164"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1164"}],"affected":[{"package":{"name":"nodejs-nodemon","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/nodejs-nodemon"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.0.3-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-45312.json"}}],"schema_version":"1.7.5"}