6 matches found
DEBIAN-CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the execution of Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS. An attacker can gain unauthorized access to files outside the intended project directory by executing code through these tools wh...