Public CVE-2018-3717 disclosure

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.